On Wed, Oct 19, 2011 at 03:14:20PM -0600, David Stevens wrote:
> -----Matthias Bolte <matthias.bolte@xxxxxxxxxxxxxx> wrote: -----
> >
> >Well, you miss the point that nwfilters is meant as a general
> >firewall interface. ebtables/iptables just happens to be an
> >implementation of this interface. Using ebtables/iptables specific
> >shell scripts would replace the generic interface with something
> >specific to ebtables/iptables.
>
> No, I just don't agree with it. I think an administrator on OS "X"
> is already familiar with the firewall capabilities on his/her OS and so
> having a new, less-capable abstraction instead of the firewall s/he
> already knows is not a benefit. If these were instead hooks in libvirt
> that called sample scripts per-OS, administrators could easily do
> whatever they want to do when an interface is brought up, brought down,
> or migrated. They could then also make full use of their firewall
> capabilities and customize completely as needed.

Whether you agree with it or not is irrelevant for libvirt patch review
discussions. The abstraction into an implementation independent syntax &
API is the primary reason for libvirt's existence, and is not up for debate.

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|