accept traffic to unmanaged bridge ports
authorDietmar Maurer <dietmar@proxmox.com>
Thu, 27 Feb 2014 07:54:11 +0000 (08:54 +0100)
committerDietmar Maurer <dietmar@proxmox.com>
Thu, 27 Feb 2014 07:54:11 +0000 (08:54 +0100)
PVE/Firewall.pm

index 8cd8a1b..568b531 100644 (file)
@@ -816,6 +816,8 @@ sub generate_bridge_chains {
        ruleset_create_chain($ruleset, "$bridge-IN");
        ruleset_addrule($ruleset, "$bridge-FW", "-m physdev --physdev-is-bridged --physdev-is-out -j $bridge-IN");
        ruleset_addrule($ruleset, "$bridge-FW", "-m mark --mark 1 -j ACCEPT");
+       # accept traffic to unmanaged bridge ports
+       ruleset_addrule($ruleset, "$bridge-FW", "-m physdev --physdev-is-bridged --physdev-is-out -j ACCEPT ");
     }
 }