[pve-devel] hosts.fw and security groups

Dietmar Maurer dietmar at proxmox.com
Wed Feb 19 17:51:29 CET 2014


> >>Thought a bit more about that, and realized that groups.fw is shared
> >>among all cluster nodes.
> >>
> >>That basically means that the host firewall (node local) is not
> >>updated automatically if the user updates groups.fw (only works for one
> >>node).
> >>
> >>So this produces unexpected behavior. What do you think about that?
> 
> same for tap interface I think.

Oh, you are right :-(

> Maybe using inotify to update firewall rules on groups.fw file update ?

INotify does not work with the cluster file system (/etc/pve).

But we can implement some kind of polling (inside pvestatd).

