Erik Nordmark wrote:
Edward Pilatowicz wrote:
so if a user wanted to use ip filters in an lx zone, how would we
support this?
Do we know what users might want in this space? Has anybody asked on the
brandz-discuss list?
Is the iptables syntax important? Or is IP Filter syntax ok?
Does the non-global lx zone need to control its rules, or is it
sufficient if the global zone can filter on its behalf?
There seem to be two very different views on similar issues:
* The SP's want all controls to be enforced by the global zone (look at all the
new RM controls going into U4, enforced by the GZ)
* The data centers are mixed, but many want controls (e.g. routing) at the
non-global zone level.
Given that, it makes sense to conclude that we would want to provide enforcement
in the GZ, with the option to delegate that authority to the NGZ.
--------------------------------------------------------------------------
Jeff VICTOR Sun Microsystems jeff.victor @ sun.com
OS Ambassador Sr. Technical Specialist
Solaris 10 Zones FAQ: http://www.opensolaris.org/os/community/zones/faq
--------------------------------------------------------------------------
_______________________________________________
zones-discuss mailing list
[email protected]
