[pve-devel] firewall : cluster.fw [rules] section ?
Stefan Priebe
s.priebe at profihost.ag
Mon Jul 7 21:01:15 CEST 2014
Am 07.07.2014 15:48, schrieb Dietmar Maurer:
>> I really would love to see the mac filter for layer2 in the first release. At least to
>> me it's a pretty important thing. Otherwise the current mac filter is pretty
>> "useless".
>
> Maybe it is useles for hosters, but it is very useful for small enterprises.
Sorry useless was a bit harsh - that's why i put it into ticks. I thing
it's simply not complete. Somebody checking mac filter might expect
something different not only on layer 3 basis.
I'm not thinking about hosters. I don't care about me ;-) i can just add
it to the code using ebtables myself.
I was caring about pve users expecting something which it isn't.
> I want to release that
> asap, and don't really want to add new features right now.
OK.
> We also need to carefully utilize our resources, so anything that saves work is good.
> doing things twice is only possible if someone pay for that.
Sure, but especially in this case i wouldn't go with nftables. Nobody
knows how many bugs there arre. How many crashes in kernel or userspace
somebody has to expect. And even nobody knows when it will be declared
stable.
Greets,
Stefan
More information about the pve-devel
mailing list