Edward Pilatowicz wrote:
hm.  that's unfortunate.

so if a user wanted to use ip filters in an lx zone, how would we
support this?

Do we know what users might want in this space? Has anybody asked on the brandz-discuss list?

Is the iptables syntax important? Or is IP Filter syntax ok?

Does the non-global lx zone need to control its rules, or is it sufficient if the global zone can filter on its behalf?

also, is configuring ip filters in a non-global zone a requirement for
having nat'ted zones?  (something i'm not sure about since i've never
seen any examples of what such a configuration would look like.)

No. For that you configure IP Filter/ipnat in the global zone.

You can of course have the global zone do IP Filter for the non-global zones as part of that setup.

