[pve-devel] firewall : cluster.fw [rules] section ?
Alexandre DERUMIER
aderumier at odiso.com
Sun Jul 6 11:35:25 CEST 2014
>>Would be nice but it got included upstream in linux 3.13 kernel. I think it's something for RHEL8.
Seems that it's already available in RHEL7
http://www.slideee.com/slide/the-next-generation-firewall-for-red-hat-enterprise-linux-7-rc
>>Who knows how many bugs there are.
But yes, I'm also a bit worried about using it already; not sure it's stable and doesn't have security holes inside.
----- Original Message -----
From: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag>
To: "Dietmar Maurer" <dietmar at proxmox.com>
Cc: "Alexandre DERUMIER" <aderumier at odiso.com>, "pve-devel" <pve-devel at pve.proxmox.com>
Sent: Sunday, 6 July 2014 07:17:21
Subject: Re: [pve-devel] firewall : cluster.fw [rules] section ?
On 06.07.2014 at 05:32, Dietmar Maurer <dietmar at proxmox.com> wrote:
>> BTW, I'll also rework my ipv6 patch.
>>
>> I thought about extending $ruleset to something like
>>
>> $ruleset->{iptables}->{filter}
>> $ruleset->{iptables}->{nat}
>> $ruleset->{ip6tables}->{filter}
>> $ruleset->{ebtables}->{filter}
>>
>> Like this, we can manage multiple commands and filters.
>>
>> What do you think about it ?
>
> Looks good, but I think we should evaluate nftables now (instead of using all those different binaries).
> I have no idea if it is already usable?
Would be nice but it got included upstream in linux 3.13 kernel. I think it's something for RHEL8. And nearly nobody has used it so far. Who knows how many bugs there are.
Stefan