Hi, On 21. februára 2025 15:40:51 UTC, robinleepowell@xxxxxxxxx wrote: >So my question is, what *should* happen here? As far as I can tell, >there is absolutely nothing the libvirt tooling can do to override >my reject. I can't jump between tables so I can't do like "jump >libvert_inp" in my chain. What's the right move? Options I've >thought of; I'm hoping there's something better: Basicaly, you can "overide" reject in two steps: 1. mark packets accepted by libvirt (or generaly in any other rule) 2. exlude these marks from your reject You must check in libvirt docs, If it is able to set some mark... regards -- Slavko https://www.slavino.sk/
