On 12/10/2018 at 17:10, Stephen Borrill wrote:
I'm trying to configure a ruleset to filter traffic bound for the outside world and also allow an incoming port map. The ruleset can be seen below. I would expect that the "pass stateful out" on the internal interface would have allowed the packets back in past the "block in all" from 10.10.0.2 when replying. However, it does not.
Your $trusted and $int_xennet0_addrs variables are unused; from here on I can't know if you didn't forget entries and other things in your conf.