[pve-devel] hosts.fw and security groups
Alexandre DERUMIER
aderumier at odiso.com
Wed Feb 19 17:36:24 CET 2014
>>
>>Though a bit more about that, and realized that groups.fw is shared among all cluster nodes.
>>
>>That basically means that the host firewall (node local) is not updated automatically if the user
>>updates groups.fw (only works for one node).
>>
>>So this produces unexpected behavior. What do you think about that?
same for tap interface I think.
Maybe using inotify to update firewall rules on groups.fw file update ?
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Mercredi 19 Février 2014 17:25:47
Objet: RE: hosts.fw and security groups
> >>I think it would be great to allow the use of security groups for the host
> firewall.
> >>Do you think that is possible?
>
> Yes, I think it's not a problem, now that we are using mark
Though a bit more about that, and realized that groups.fw is shared among all cluster nodes.
That basically means that the host firewall (node local) is not updated automatically if the user
updates groups.fw (only works for one node).
So this produces unexpected behavior. What do you think about that?
More information about the pve-devel
mailing list