hm.  that's unfortunate.

so if a user wanted to use ip filters in an lx zone, how would we
support this?

also, is configuring ip filters in a non-global zone a requirement for
having nat'ted zones?  (something i'm not sure about since i've never
seen any examples of what such a configuration would look like.)

ed


On Sun, Nov 05, 2006 at 06:20:52PM -0800, Erik Nordmark wrote:
>
> FYI.
>
> Darren didn't give much of a motivation.
>
>    Erik
>
> -------- Original Message --------
> Subject: Re: BrandZ and IP instances
> Date: Tue, 24 Oct 2006 19:08:12 -0700
> From: [EMAIL PROTECTED]
> To: Erik Nordmark <[EMAIL PROTECTED]>
> CC: [EMAIL PROTECTED]
> References: <[EMAIL PROTECTED]>
> e
> Erik Nordmark wrote:
>
> >
> >We are talking about what it would mean for the lx brand to work with
> >an exclusive IP instance.
> >
> >Ed said something about iptables:
> >
> > > - wrt to brandz, supporting an exclusive ip instance in an an lx
> > >   branded zone will require the implementation of network
> >configuration
> > >   interfaces within the lx brand.  it will probably involve
> >translating
> > >   a bunch of ioctls and socket operations.  also, looking at a centos
> > >   machine i see that it uses iptables instead of ipfilters.  so all
> > >   the iptables configuration system calls would need to be translated
> > >   into their corresponding ipfilters commands.
> >
> >The question for you is whether there is a 1-1 mapping between
> >iptables configurations and IP Filter configurations?
>
>
> Forget it.  While there are roughly similar features available, attempting
> to do this is out of question.
>
> Darren
>
>
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

Reply via email to