hm. that's unfortunate.
so if a user wanted to use ip filters in an lx zone, how would we
also, is configuring ip filters in a non-global zone a requirement for
having nat'ted zones? (something i'm not sure about since i've never
seen any examples of what such a configuration would look like.)
On Sun, Nov 05, 2006 at 06:20:52PM -0800, Erik Nordmark wrote:
> Darren didn't give much of a motivation.
> -------- Original Message --------
> Subject: Re: BrandZ and IP instances
> Date: Tue, 24 Oct 2006 19:08:12 -0700
> From: [EMAIL PROTECTED]
> To: Erik Nordmark <[EMAIL PROTECTED]>
> CC: [EMAIL PROTECTED]
> References: <[EMAIL PROTECTED]>
> Erik Nordmark wrote:
> >We are talking about what it would mean for the lx brand to work with
> >an exclusive IP instance.
> >Ed said something about iptables:
> > > - wrt to brandz, supporting an exclusive ip instance in an an lx
> > > branded zone will require the implementation of network
> > > interfaces within the lx brand. it will probably involve
> > > a bunch of ioctls and socket operations. also, looking at a centos
> > > machine i see that it uses iptables instead of ipfilters. so all
> > > the iptables configuration system calls would need to be translated
> > > into their corresponding ipfilters commands.
> >The question for you is whether there is a 1-1 mapping between
> >iptables configurations and IP Filter configurations?
> Forget it. While there are roughly similar features available, attempting
> to do this is out of question.
zones-discuss mailing list