> any comments for these patches?
OK, I have now committed your patches, and removed shorewall specific code.
I do not really like the use of a global variable @ruleset to store rules.
Also, it is a bit unclear to me how you plan to do updates. There is code like:

    if(!iptables_rule_exist($rule)){
        iptables_addrule("-I $rule");
    }

but how do you remove rules for removed VMs (or removed network interfaces)
then?
Also, the order of rules inside a ruleset is important, so how do you track
ordering changes?
IMHO this is really impossible using code like
"if(!iptables_rule_exist($rule))"
Wouldn't it be easier to always restore the full ruleset?
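The update problem raised in this message, as an added example that is not part of the original mail or of the project's code: a Python model that treats a chain as an ordered list and compares the check-then-insert pattern with replacing the full ruleset. The rule strings, interface names, chain name and function names are constructed for illustration.

```python
# Constructed sample state: VM 101 was removed, VM 102 was added, and the
# intended order for VM 100 is now ACCEPT before DROP.
CURRENT = [
    "-i tap100i0 -j DROP",
    "-i tap100i0 -p tcp --dport 22 -j ACCEPT",
    "-i tap101i0 -j DROP",
]
DESIRED = [
    "-i tap100i0 -p tcp --dport 22 -j ACCEPT",
    "-i tap100i0 -j DROP",
    "-i tap102i0 -j DROP",
]

def incremental_update(chain, desired):
    """Check-then-insert: add each missing rule at the head of the chain."""
    chain = list(chain)
    for rule in desired:
        if rule not in chain:        # models iptables_rule_exist($rule)
            chain.insert(0, rule)    # models iptables_addrule("-I $rule")
    return chain

def full_restore(chain, desired):
    """Replace the chain with the desired ruleset, ignoring prior state."""
    return list(desired)

def drift(chain, desired):
    """List stale rules and check that the remaining ones are in order."""
    stale = [r for r in chain if r not in desired]
    kept = [r for r in chain if r in desired]
    return {"stale": stale, "order_ok": kept == list(desired)}

def restore_payload(chain_name, desired):
    """Render the ruleset in iptables-restore format, applied in one COMMIT."""
    lines = ["*filter", f":{chain_name} - [0:0]"]
    lines += [f"-A {chain_name} {r}" for r in desired]
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print("incremental:", drift(incremental_update(CURRENT, DESIRED), DESIRED))
    print("full restore:", drift(full_restore(CURRENT, DESIRED), DESIRED))
    print(restore_payload("PVE-EXAMPLE", DESIRED), end="")
```

In this model the incremental path keeps the rule for the removed interface and leaves the VM 100 DROP ahead of its ACCEPT, while the full restore matches the desired ruleset exactly.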