Am 06.07.2014 um 05:32 schrieb Dietmar Maurer <diet...@proxmox.com>:
>> BTW, I'll also rework my ipv6 patch.
>>
>> I thinked about extend $ruleset, to something like
>>
>> $ruleset->{iptables}->{filter}
>> $ruleset->{iptables}->{nat}
>> $ruleset->{ip6tables}->{filter}
>> $ruleset->{ebtables}->{filter}
>>
>> Like this, we can manage multi commands and filters.
>>
>> What do you think about it ?
>
> Looks good, but I think we should evaluate nftables now (instead of using all
> those different binaries).
> I have no idea if it is already usable?
Would be nice but it got included upstream in linux 3.13 kernel. I think it's
something for RHEL8. And nearly nobody has used it so far. Who knows how many
bugs there are.
Stefan
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
