On Mon, Nov 06, 2006 at 12:37:01PM -0800, Erik Nordmark wrote:
> Edward Pilatowicz wrote:
> >hm.  that's unfortunate.
> >
> >so if a user wanted to use ip filters in an lx zone, how would we
> >support this?
>
> Do we know what users might want in this space? Has anybody asked on the
> brandz-discuss list?
>

not that i know of.

> Is the iptables syntax important? Or is IP Filter syntax ok?
>

well, since darren indicated that translating between the two would
be out of the question, i guess that if we got a requirement for
this functionality we would have to go with ip filters syntax.

> Does the non-global lx zone need to control its rules, or is it
> sufficient if the global zone can filter on its behalf?
>

i guess either could work.  (we have very limited support for running
native solaris binaries in a non-global branded zone and we could
probably augment these facilities to ensure that we could run
whatever small config binary we would need.)

but given a lack of requirements here it's just speculation at this
point.

> >also, is configuring ip filters in a non-global zone a requirement for
> >having nat'ted zones?  (something i'm not sure about since i've never
> >seen any examples of what such a configuration would look like.)
>
> No. For that you configure IP Filter/ipnat in the global zone.
>
> You can of course have the global zone do IP Filter for the non-global
> zones as part of that setup.
>


that sounds good.  (since this is something that people ask for.)

thanks
ed
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org
