>>INotify does not work with the cluster file system (/etc/pve). ok, I didn't known.
>>But we can implement some kind of polling (inside pvestatd). Yes. (do we need to compute all chains ? or only group chains and update them if checksum change ?) ----- Mail original ----- De: "Dietmar Maurer" <[email protected]> À: "Alexandre DERUMIER" <[email protected]> Cc: [email protected] Envoyé: Mercredi 19 Février 2014 17:51:29 Objet: RE: hosts.fw and security groups > >>Though a bit more about that, and realized that groups.fw is shared > among all cluster nodes. > >> > >>That basically means that the host firewall (node local) is not > >>updated automatically if the user updates groups.fw (only works for one > node). > >> > >>So this produces unexpected behavior. What do you think about that? > > same for tap interface I think. Oh, you are right :-( > Maybe using inotify to update firewall rules on groups.fw file update ? INotify does not work with the cluster file system (/etc/pve). But we can implement some kind of polling (inside pvestatd). _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
