Am 09.07.2014 16:11, schrieb Alexandre DERUMIER: > Hi, > > some news, I have finished the ip6tables implementation, I'll send patches > tomorrow ! > > (I'll work on ebtables this weekend)
Great! Stefan > ----- Mail original ----- > > De: "Alexandre DERUMIER" <aderum...@odiso.com> > À: "Stefan Priebe - Profihost AG" <s.pri...@profihost.ag> > Cc: "pve-devel" <pve-devel@pve.proxmox.com> > Envoyé: Mardi 8 Juillet 2014 10:43:31 > Objet: Re: [pve-devel] firewall : cluster.fw [rules] section ? > >>> Great and thanks for your work. > > I'm going to holiday on 17 July, so I'll try to send patches before. > > > ----- Mail original ----- > > De: "Stefan Priebe - Profihost AG" <s.pri...@profihost.ag> > À: "Alexandre DERUMIER" <aderum...@odiso.com> > Cc: "pve-devel" <pve-devel@pve.proxmox.com>, "Dietmar Maurer" > <diet...@proxmox.com> > Envoyé: Mardi 8 Juillet 2014 10:32:51 > Objet: Re: [pve-devel] firewall : cluster.fw [rules] section ? > > Am 08.07.2014 00:25, schrieb Alexandre DERUMIER: >>>> Sure, but especially in this case i wouldn't go with nftables. Nobody >>>> knows how many bugs there arre. How many crashes in kernel or userspace >>>> somebody has to expect. And even nobody knows when it will be declared >>>> stable. >> >> I should have a full ebtables + ip6tables patch for next week I think. > > Great and thanks for your work. > > Stefan > >> nftable seem really to not be ready soon. (I have add other commands >> segfault and found missing features in current redhat kernel too) > > >> ----- Mail original ----- >> >> De: "Stefan Priebe" <s.pri...@profihost.ag> >> À: "Dietmar Maurer" <diet...@proxmox.com>, "Alexandre DERUMIER" >> <aderum...@odiso.com> >> Cc: "pve-devel" <pve-devel@pve.proxmox.com> >> Envoyé: Lundi 7 Juillet 2014 21:01:15 >> Objet: Re: [pve-devel] firewall : cluster.fw [rules] section ? >> >> >> Am 07.07.2014 15:48, schrieb Dietmar Maurer: >>>> I really would love to see the mac filter for layer2 in the first release. >>>> At least to >>>> me it's a pretty important thing. Otherwise the current mac filter is >>>> pretty >>>> "useless". >>> >>> Maybe it is useles for hosters, but it is very useful for small >>> enterprises. >> >> Sorry useless was a bit harsh - that's why i put it into ticks. I thing >> it's simply not complete. Somebody checking mac filter might expect >> something different not only on layer 3 basis. >> >> I'm not thinking about hosters. I don't care about me ;-) i can just add >> it to the code using ebtables myself. >> >> I was caring about pve users expecting something which it isn't. >> >>> I want to release that >>> asap, and don't really want to add new features right now. >> >> OK. >> >>> We also need to carefully utilize our resources, so anything that saves >>> work is good. >>> doing things twice is only possible if someone pay for that. >> >> Sure, but especially in this case i wouldn't go with nftables. Nobody >> knows how many bugs there arre. How many crashes in kernel or userspace >> somebody has to expect. And even nobody knows when it will be declared >> stable. >> >> Greets, >> Stefan >> > _______________________________________________ > pve-devel mailing list > pve-devel@pve.proxmox.com > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel > _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
