>> >>Though a bit more about that, and realized that groups.fw is shared among all >>cluster nodes. >> >>That basically means that the host firewall (node local) is not updated >>automatically if the user >>updates groups.fw (only works for one node). >> >>So this produces unexpected behavior. What do you think about that?
same for tap interface I think. Maybe using inotify to update firewall rules on groups.fw file update ? ----- Mail original ----- De: "Dietmar Maurer" <[email protected]> À: "Alexandre DERUMIER" <[email protected]> Cc: [email protected] Envoyé: Mercredi 19 Février 2014 17:25:47 Objet: RE: hosts.fw and security groups > >>I think it would be great to allow the use of security groups for the host > firewall. > >>Do you think that is possible? > > Yes, I think it's not a problem, now that we are using mark Though a bit more about that, and realized that groups.fw is shared among all cluster nodes. That basically means that the host firewall (node local) is not updated automatically if the user updates groups.fw (only works for one node). So this produces unexpected behavior. What do you think about that? _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
