[pve-devel] firewall : cluster.fw [rules] section ?

Stefan Priebe - Profihost AG s.priebe at profihost.ag
Sun Jul 6 07:17:21 CEST 2014


Am 06.07.2014 um 05:32 schrieb Dietmar Maurer <dietmar at proxmox.com>:

>> BTW, I'll also rework my ipv6 patch.
>> 
>> I thinked about extend $ruleset, to something like
>> 
>> $ruleset->{iptables}->{filter}
>> $ruleset->{iptables}->{nat}
>> $ruleset->{ip6tables}->{filter}
>> $ruleset->{ebtables}->{filter}
>> 
>> Like this, we can manage multi commands and filters.
>> 
>> What do you think about it ?
> 
> Looks good, but I think we should evaluate nftables now (instead of using all those different binaries).
> I have no idea if it is already usable?

Would be nice but it got included upstream in linux 3.13 kernel. I think it's something for RHEL8. And nearly nobody has used it so far. Who knows how many bugs there are.

Stefan



More information about the pve-devel mailing list