[pve-devel] hosts.fw and security groups
Stefan Priebe - Profihost AG
s.priebe at profihost.ag
Wed Feb 19 18:44:53 CET 2014
Am 19.02.2014 um 18:28 schrieb Alexandre DERUMIER <aderumier at odiso.com>:
>>> INotify does not work with the cluster file system (/etc/pve).
> ok, I didn't known.
>
>>> But we can implement some kind of polling (inside pvestatd).
> Yes. (do we need to compute all chains ? or only group chains and update them if checksum change ?)
>
>
Why not use mtime of the file?
Stefan
> ----- Mail original -----
>
> De: "Dietmar Maurer" <dietmar at proxmox.com>
> À: "Alexandre DERUMIER" <aderumier at odiso.com>
> Cc: pve-devel at pve.proxmox.com
> Envoyé: Mercredi 19 Février 2014 17:51:29
> Objet: RE: hosts.fw and security groups
>
>>>> Though a bit more about that, and realized that groups.fw is shared
>> among all cluster nodes.
>>>>
>>>> That basically means that the host firewall (node local) is not
>>>> updated automatically if the user updates groups.fw (only works for one
>> node).
>>>>
>>>> So this produces unexpected behavior. What do you think about that?
>>
>> same for tap interface I think.
>
> Oh, you are right :-(
>
>> Maybe using inotify to update firewall rules on groups.fw file update ?
>
> INotify does not work with the cluster file system (/etc/pve).
>
> But we can implement some kind of polling (inside pvestatd).
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
More information about the pve-devel
mailing list