[pve-devel] firewall : cluster.fw [rules] section ?
Stefan Priebe - Profihost AG
s.priebe at profihost.ag
Sun Jul 6 07:17:21 CEST 2014
On 06.07.2014 at 05:32, Dietmar Maurer <dietmar at proxmox.com> wrote:
>> BTW, I'll also rework my ipv6 patch.
>>
>> I thought about extending $ruleset to something like
>>
>> $ruleset->{iptables}->{filter}
>> $ruleset->{iptables}->{nat}
>> $ruleset->{ip6tables}->{filter}
>> $ruleset->{ebtables}->{filter}
>>
>> This way, we can manage multiple commands and filters.
>>
>> What do you think about it?
>
> Looks good, but I think we should evaluate nftables now (instead of using all those different binaries).
> I have no idea if it is already usable?
Would be nice, but it got included upstream in the Linux 3.13 kernel. I think it's something for RHEL8. And nearly nobody has used it so far. Who knows how many bugs there are.
Stefan