I now just checked the files and all were filled with a "0".
Then I let Hetzner re-evaluate my issue and got the message that my issue is not resolved.
Yes, I did restart the node.
About the patch, it's still possible that a wrong packet is coming up to the host vmbr0 (but not to the vm or vm firewall bridge),
because the physical interface is still in promiscuous mode.
It's possible to disable promisc mode if my patch is applied (with bridge-disable-mac-learning 1),
but the bridge also needs to be in vlan-aware mode (even if vm don't have any vm).
If somebody could try:
Code:
auto vmbr0
iface vmbr0 inet manual
    bridge-ports ...
    ...
    bridge-disable-mac-learning 1
    bridge-vlan-aware yes
    # just to avoid generating too many vlans
    bridge-vids 2
I think that untagged traffic should still work.
With this, if you do a dmesg, you shouldn't see this message "device ethX entered promiscuous mode" anymore.
Then we are 100% sure that a wrong dest ip/mac is not entering the server.
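
The dmesg check suggested above can be scripted, as an added example that is not part of the original post: it reads kernel log text and reports the devices whose last logged event is "entered promiscuous mode", and it also tests the IFF_PROMISC bit in sysfs. The sample log lines, the device name tap100i0 and the optional sysfs-root argument are constructed for illustration; only the message format quoted in the post (plus its "left" counterpart) is matched.

```shell
#!/bin/sh
# Added example (not from the thread): check whether devices are promiscuous.

# Kernel log lines constructed for illustration.
SAMPLE_LOG='[   10.100000] device eth0 entered promiscuous mode
[   10.200000] device tap100i0 entered promiscuous mode
[  250.300000] device eth0 left promiscuous mode
[  300.000000] vmbr0: port 1(eth0) entered forwarding state'

# Read kernel log text on stdin and print, sorted, every device whose most
# recent promiscuity message is "entered" (a later "left" clears it).
promisc_devices() {
    awk '
        match($0, /device [^ ]+ (entered|left) promiscuous mode/) {
            split(substr($0, RSTART, RLENGTH), f, " ")
            state[f[2]] = f[3]          # f[2] = device name, f[3] = entered|left
        }
        END { for (d in state) if (state[d] == "entered") print d }
    ' | sort
}

# Return 0 if the interface has IFF_PROMISC (bit 0x100) set in its flags file.
# $1 = interface name, $2 = sysfs root (hypothetical override for testing,
# defaults to /sys/class/net). Returns 2 if the flags file cannot be read.
iface_is_promisc() {
    promisc_flags=$(cat "${2:-/sys/class/net}/$1/flags" 2>/dev/null) || return 2
    [ $(( $promisc_flags & 0x100 )) -ne 0 ]
}

# Stand-alone demo on the constructed log; on a real host use:
#   dmesg | promisc_devices
printf '%s\n' "$SAMPLE_LOG" | promisc_devices
```

After reloading the bridge configuration, `dmesg | promisc_devices` should no longer list the physical port if promiscuous mode was really disabled.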