From 7323008d3b7d8f13ba06eea4faf92799693fbf77 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Thu, 27 Feb 2014 08:54:11 +0100
Subject: [PATCH] accept traffic to unmanaged bridge ports

---
 PVE/Firewall.pm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm
index 8cd8a1b..568b531 100644
--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -816,6 +816,8 @@ sub generate_bridge_chains {
 	ruleset_create_chain($ruleset, "$bridge-IN");
 	ruleset_addrule($ruleset, "$bridge-FW", "-m physdev --physdev-is-bridged --physdev-is-out -j $bridge-IN");
 	ruleset_addrule($ruleset, "$bridge-FW", "-m mark --mark 1 -j ACCEPT");
+	# accept traffic to unmanaged bridge ports
+	ruleset_addrule($ruleset, "$bridge-FW", "-m physdev --physdev-is-bridged --physdev-is-out -j ACCEPT ");
     }
 }
 
-- 
2.39.2