Erik Nordmark wrote:
Edward Pilatowicz wrote:

So if a user wanted to use ip filters in an lx zone, how would we
support this?

Do we know what users might want in this space? Has anybody asked on the brandz-discuss list?

Is the iptables syntax important? Or is IP Filter syntax ok?

Does the non-global lx zone need to control its rules, or is it sufficient if the global zone can filter on its behalf?

There seem to be two very different views on similar issues:

* The SPs want all controls to be enforced by the global zone (look at all the new RM controls going into U4, enforced by the GZ).

* The data centers are mixed, but many want controls (e.g. routing) at the non-global zone level.

Given that, it makes sense to conclude that we would want to provide enforcement in the GZ, with the option to delegate that authority to the NGZ.

