[pve-devel] firewall : cluster.fw [rules] section ?

Stefan Priebe s.priebe at profihost.ag
Mon Jul 7 21:01:15 CEST 2014


Am 07.07.2014 15:48, schrieb Dietmar Maurer:
>> I really would love to see the mac filter for layer2 in the first release. At least to
>> me it's a pretty important thing. Otherwise the current mac filter is pretty
>> "useless".
>
> Maybe it is useles for hosters, but it is very useful for small enterprises.

Sorry useless was a bit harsh - that's why i put it into ticks. I thing 
it's simply not complete. Somebody checking mac filter might expect 
something different not only on layer 3 basis.

I'm not thinking about hosters. I don't care about me ;-) i can just add 
it to the code using ebtables myself.

I was caring about pve users expecting something which it isn't.

 > I want to release that
> asap, and don't really want to add new features right now.

OK.

> We also need to carefully utilize our resources, so anything that saves work is good.
> doing things twice is only possible if someone pay for that.

Sure, but especially in this case i wouldn't go with nftables. Nobody 
knows how many bugs there arre. How many crashes in kernel or userspace 
somebody has to expect. And even nobody knows when it will be declared 
stable.

Greets,
Stefan


More information about the pve-devel mailing list