git.proxmox.com Git - pve-firewall.git/commit

author	Dietmar Maurer <dietmar@proxmox.com>
	Mon, 12 May 2014 11:33:15 +0000 (13:33 +0200)
committer	Dietmar Maurer <dietmar@proxmox.com>
	Tue, 13 May 2014 05:16:58 +0000 (07:16 +0200)
commit	a01c32c752ad1e5906f1bfda9e4e93b01a4b8bc0
tree	f806d03827fa67e570036d6e319ebae83fd84a65	tree
parent	55e686c70711a4bf846c04db7bd37e6e09beeac4	commit \| diff

remove bridge chains

-A PVEFW-FORWARD ! -i fwbr+ -j ACCEPT
-A PVEFW-FORWARD -m conntrack --ctstate INVALID -j DROP
-A PVEFW-FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A PVEFW-FORWARD -m physdev --physdev-is-bridged --physdev-in link+ -j PVEFW-FWBR-IN
      -A PVEFW-FWBR-IN -m physdev --physdev-out tap123i0 --physdev-is-bridged -j tap123i0-IN
      -A PVEFW-FWBR-IN -m physdev --physdev-out veth0.0 --physdev-is-bridged -j veth0.0-IN
-A PVEFW-FORWARD -m physdev --physdev-is-bridged --physdev-out link+ -j PVEFW-FWBR-OUT
      -A PVEFW-FWBR-OUT -m physdev --physdev-in tap123i0 -j tap123i0-OUT
      -A PVEFW-FWBR-OUT -m physdev --physdev-in veth0.0  -j veth0.0-OUT

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>