[pve-devel] firewall : cluster.fw [rules] section ?
Alexandre DERUMIER
aderumier at odiso.com
Sun Jul 6 12:07:21 CEST 2014
>>Looks good, but I think we should evaluate nftables now (instead of using all those different binaries).
>>I have no idea if it is already usable?
Available since RHEL7 rc2, but it's a tech preview.
nftables has just been tagged to v0.3
http://git.netfilter.org/nftables/log/
and the only doc I found is
https://home.regit.org/netfilter-en/nftables-quick-howto/
----- Original Message -----
From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>, "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag>
Sent: Sunday, July 6, 2014 05:32:01
Subject: RE: [pve-devel] firewall : cluster.fw [rules] section ?
> BTW, I'll also rework my ipv6 patch.
>
> I thought about extending $ruleset to something like
>
> $ruleset->{iptables}->{filter}
> $ruleset->{iptables}->{nat}
> $ruleset->{ip6tables}->{filter}
> $ruleset->{ebtables}->{filter}
>
> Like this, we can manage multiple commands and filters.
>
> What do you think about it?
Looks good, but I think we should evaluate nftables now (instead of using all those different binaries).
I have no idea if it is already usable?