+ # fixme: what log level should we use here?
+ my $loglevel = get_option_log_level($hostfw_options, "log_level_out");
+
+ ruleset_addrule($ruleset, "PVEFW-FORWARD", "-i venet0 -j ACCEPT");
+ # disable interbridge routing
+ ruleset_addrule($ruleset, "PVEFW-FORWARD", "-o vmbr+ -j PVEFW-Drop");
+ ruleset_addrule($ruleset, "PVEFW-FORWARD", "-i vmbr+ -j PVEFW-Drop");
+ ruleset_addrule($ruleset, "PVEFW-FORWARD", "-o vmbr+ -j LOG --log-prefix \"PVEFW-FORWARD-dropped \" --log-level $loglevel");
+ ruleset_addrule($ruleset, "PVEFW-FORWARD", "-i vmbr+ -j LOG --log-prefix \"PVEFW-FORWARD-dropped \" --log-level $loglevel");
+ ruleset_addrule($ruleset, "PVEFW-FORWARD", "-o vmbr+ -j DROP");
+ ruleset_addrule($ruleset, "PVEFW-FORWARD", "-i vmbr+ -j DROP");
+