[pve-devel] firewall : add ip "alias" feature suggestion.

Alexandre DERUMIER aderumier at odiso.com
Mon Apr 7 08:31:21 CEST 2014


>>I guess it is not much work to implement that (although we would need to add an API and GUI for that).

>>But we already have ipsets, and there is DNS too. So I am not sure if we gain much.

We could create 1 ipset per alias, but I don't know if it's not too big a memory overhead, as hashtable min size is 64.
But we can make ipset of ipset, it's a supported feature.

(For DNS, what do you have in mind?)


>> AFAIR I saw that feature on a CISCO firewall some time ago? 
Yes, indeed. (Currently it's the way I manage my Cisco firewall ;)

----- Original message -----

From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Alexandre DERUMIER" <aderumier at odiso.com>, "pve-devel" <pve-devel at pve.proxmox.com>
Sent: Monday 7 April 2014 06:14:35
Subject: RE: [pve-devel] firewall : add ip "alias" feature suggestion.

> one example of usage, if a VM changes its IP address, we simply change the
> alias, without needing to change any rules.
>
>
> What do you think about it?

I guess it is not much work to implement that (although we would need to add an API and GUI for that).

But we already have ipsets, and there is DNS too. So I am not sure if we gain much. AFAIR I saw 
that feature on a CISCO firewall some time ago? 
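
The one-ipset-per-alias layout discussed in this message, sketched as an added example (not code from the thread or from Proxmox): it renders `ipset restore` input with a `hashsize 64` hash set per alias and a `list:set` ("ipset of ipset") grouping them, then shows that moving a VM to a new address changes a single `add` line. The alias and group names, the addresses and the `alias-`/`group-` prefixes are assumptions made up for the illustration.

```python
import ipaddress
import re

# Constructed sample data: names and addresses are hypothetical.
ALIASES = {"web1": "192.0.2.10", "db1": "192.0.2.20"}
GROUPS = {"backend": ["web1", "db1"]}

def set_name(prefix, name):
    """Build a set name; ipset limits names to 31 characters."""
    full = f"{prefix}-{name}"
    if len(full) > 31 or not re.fullmatch(r"[A-Za-z0-9_-]+", name):
        raise ValueError(f"invalid set name: {full!r}")
    return full

def render_restore(aliases, groups):
    """Return `ipset restore` lines: one hash:ip set per alias, one list:set per group."""
    lines = []
    for name, addr in sorted(aliases.items()):
        ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
        family = "inet" if ip.version == 4 else "inet6"
        s = set_name("alias", name)
        # hashsize 64 is the minimum hash table size mentioned in the thread
        lines.append(f"create {s} hash:ip family {family} hashsize 64")
        lines.append(f"add {s} {ip}")
    for gname, members in sorted(groups.items()):
        g = set_name("group", gname)
        lines.append(f"create {g} list:set size {max(8, len(members))}")
        for m in members:
            if m not in aliases:
                raise KeyError(f"group {gname!r} references unknown alias {m!r}")
            # list:set members are other sets, which must be created first
            lines.append(f"add {g} {set_name('alias', m)}")
    return lines

def changed_lines(old, new):
    """Lines present in the new ruleset input but not in the old one."""
    return sorted(set(new) - set(old))

if __name__ == "__main__":
    before = render_restore(ALIASES, GROUPS)
    after = render_restore(dict(ALIASES, web1="192.0.2.11"), GROUPS)
    print("\n".join(before))
    print("changed after moving web1:", changed_lines(before, after))
```

A firewall rule that matches on `group-backend` or `alias-web1` stays untouched when the address changes; only the set contents are reloaded.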


