[pve-devel] firewall : cluster.fw [rules] section ?

Alexandre DERUMIER aderumier at odiso.com
Sun Jul 6 12:07:21 CEST 2014


>>Looks good, but I think we should evaluate nftables now (instead of using all those different binaries). 
>>I have no idea if it is already usable? 

available since rhel7 rc2, but it's a techpreview

nftables has just been tagged to v0.3
http://git.netfilter.org/nftables/log/


and the only doc I found is
https://home.regit.org/netfilter-en/nftables-quick-howto/



----- Mail original ----- 

De: "Dietmar Maurer" <dietmar at proxmox.com> 
À: "Alexandre DERUMIER" <aderumier at odiso.com> 
Cc: "pve-devel" <pve-devel at pve.proxmox.com>, "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
Envoyé: Dimanche 6 Juillet 2014 05:32:01 
Objet: RE: [pve-devel] firewall : cluster.fw [rules] section ? 

> BTW, I'll also rework my ipv6 patch. 
> 
> I thinked about extend $ruleset, to something like 
> 
> $ruleset->{iptables}->{filter} 
> $ruleset->{iptables}->{nat} 
> $ruleset->{ip6tables}->{filter} 
> $ruleset->{ebtables}->{filter} 
> 
> Like this, we can manage multi commands and filters. 
> 
> What do you think about it ? 

Looks good, but I think we should evaluate nftables now (instead of using all those different binaries). 
I have no idea if it is already usable? 


More information about the pve-devel mailing list