X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=PVE%2FFirewall.pm;fp=PVE%2FFirewall.pm;h=ef9d136d43058d83b912995bb65b4ea080a77daa;hp=081b35098b3b7c4947391962fb9ff472f3d9f248;hb=25c7b224a92c7eb81cabcdad67ec99b7fa124660;hpb=79929d9c5e6fb3230347ca9a2ae99360270b5e89

diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm
index 081b350..ef9d136 100644
--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -846,11 +846,13 @@ sub generate_tap_rules_direction {
 	    ruleset_addrule($ruleset, $tapchain, "-j ACCEPT");
 	}
     } elsif ($policy eq 'DROP') {
+	ruleset_addrule($ruleset, $tapchain, "-j PVEFW-Drop");
 	ruleset_addrule($ruleset, $tapchain, "-j LOG --log-prefix \"$tapchain-dropped: \" --log-level 4");
 	ruleset_addrule($ruleset, $tapchain, "-j DROP");
     } elsif ($policy eq 'REJECT') {
+	ruleset_addrule($ruleset, $tapchain, "-j PVEFW-Reject");
 	ruleset_addrule($ruleset, $tapchain, "-j LOG --log-prefix \"$tapchain-reject: \" --log-level 4");
-	ruleset_addrule($ruleset, $tapchain, "-j REJECT");
+	ruleset_addrule($ruleset, $tapchain, "-g PVEFW-reject");
     } else {
 	# should not happen
 	die "internal error: unknown policy '$policy'";