[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH V2 00/10] Make inner workings of nwfilters more flexible + extensions




-----Matthias Bolte <matthias bolte googlemail com> wrote: -----

>
>Well, you miss the point that nwfilters is meant as a general
>firewall
>interface. ebtables/iptables just happens to be an implementation of
>this interface. Using ebtables/iptables specific shell scripts would
>replace the generic interface with something specific to
>ebtables/iptables.

           No, I just don't agree with it. I think an administrator on OS "X"
is already familiar with the firewall capabilities on his/her OS and so having
a new, less-capable abstraction instead of the firewall s/he already knows
is not a benefit. If these were instead hooks in libvirt that called sample scripts
per-OS, administrators could easily do whatever they want to do when an
interface is brought up, brought down, or migrated. They could then also
make full use of their firewall capabilities and customize completely as
needed.

                                                                      +-DLS



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]