Am 08.07.2014 00:25, schrieb Alexandre DERUMIER: >>> Sure, but especially in this case i wouldn't go with nftables. Nobody >>> knows how many bugs there arre. How many crashes in kernel or userspace >>> somebody has to expect. And even nobody knows when it will be declared >>> stable. > > I should have a full ebtables + ip6tables patch for next week I think.
Great and thanks for your work. Stefan > nftable seem really to not be ready soon. (I have add other commands segfault > and found missing features in current redhat kernel too) > ----- Mail original ----- > > De: "Stefan Priebe" <s.pri...@profihost.ag> > À: "Dietmar Maurer" <diet...@proxmox.com>, "Alexandre DERUMIER" > <aderum...@odiso.com> > Cc: "pve-devel" <pve-devel@pve.proxmox.com> > Envoyé: Lundi 7 Juillet 2014 21:01:15 > Objet: Re: [pve-devel] firewall : cluster.fw [rules] section ? > > > Am 07.07.2014 15:48, schrieb Dietmar Maurer: >>> I really would love to see the mac filter for layer2 in the first release. >>> At least to >>> me it's a pretty important thing. Otherwise the current mac filter is >>> pretty >>> "useless". >> >> Maybe it is useles for hosters, but it is very useful for small enterprises. > > Sorry useless was a bit harsh - that's why i put it into ticks. I thing > it's simply not complete. Somebody checking mac filter might expect > something different not only on layer 3 basis. > > I'm not thinking about hosters. I don't care about me ;-) i can just add > it to the code using ebtables myself. > > I was caring about pve users expecting something which it isn't. > >> I want to release that >> asap, and don't really want to add new features right now. > > OK. > >> We also need to carefully utilize our resources, so anything that saves work >> is good. >> doing things twice is only possible if someone pay for that. > > Sure, but especially in this case i wouldn't go with nftables. Nobody > knows how many bugs there arre. How many crashes in kernel or userspace > somebody has to expect. And even nobody knows when it will be declared > stable. > > Greets, > Stefan > _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
