X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=README;h=7fd313b08d69e500c9a5023a91f749fd4996a9e6;hp=23c350f9a21d01fa27b63df1008ad453eb64f2e3;hb=c598011d4092056d13768b324d01e43b550edc6b;hpb=cdf17f8459f2a96d595beb6e40102d6ac24ecbab
diff --git a/README b/README
index 23c350f..7fd313b 100644
--- a/README
+++ b/README
@@ -113,17 +113,14 @@ iface vmbr1 inet manual
 bridge_stp off bridge_fd 0
-# setup masqueraded bridge port vmbr1/pm1
+# setup masqueraded bridge port vmbr1/pm1 using pm0
+# NOTE: this needs kernel 3.10.0 or newer (for conntrack --zone)
 auto pm1 iface pm1 inet static address 10.10.10.1 netmask 255.255.255.0 VETH_BRIDGETO vmbr1
- post-up iptables -t raw -A PREROUTING -s '10.10.10.0/24' -i vmbr1 -j CT --zone 1
- post-up iptables -t raw -A PREROUTING -d '10.10.10.0/24' -i vmbr1 -j CT --zone 1
- post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o pm0 -j MASQUERADE
- post-down iptables -t nat -F POSTROUTING
- post-down iptables -t raw -F PREROUTING
+ VETH_MASQUERADE pm0 ...