From 7b291cabd7a69a441cae666b2c94ab49106cf592 Mon Sep 17 00:00:00 2001
From: Alexandre Derumier <aderumier@odiso.com>
Date: Tue, 25 Feb 2014 13:24:06 +0100
Subject: [PATCH] use RETURN instead ACCEPT for tap-out rules

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
 PVE/Firewall.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm
index a19505a..ea24cfb 100644
--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -684,10 +684,10 @@ sub generate_tap_rules_direction {
 		    generate_group_rules($ruleset, $group_rules, $2);
 		}
 		ruleset_generate_rule($ruleset, $tapchain, $rule);
-		ruleset_addrule($ruleset, $tapchain, "-m mark --mark 1 -g $bridge-IN")
+		ruleset_addrule($ruleset, $tapchain, "-m mark --mark 1 -j RETURN")
 		    if $direction eq 'OUT';
 	    } else {
-		$rule->{action} = "$bridge-IN" if $rule->{action} eq 'ACCEPT' && $direction eq 'OUT';
+		$rule->{action} = "RETURN" if $rule->{action} eq 'ACCEPT' && $direction eq 'OUT';
 		ruleset_generate_rule($ruleset, $tapchain, $rule);
 	    }
 	}
-- 
2.39.2