On Wed, 6 Oct 2010, Richard W.M. Jones wrote: > Seems quite complex. What's wrong with a directory: > > /etc/iptables.d/ > > where RPMs like libvirt just drop the required additional rules (in a > separate chain if you like) and restart the iptables service? It's > low-tech but simple and it's all that libvirt needs. As iptables are 'first match wins', there is a need to be willing to commit to documenting a SNN type mechanism, and to maintain it long term as well Considering the upstart and related 'dependency driven' initscript mechanisms are all the vogue in some quarters these days as well, integrating this as devices come and go, and those devices optionally carry with them new network connectivity patterns, appearing and disappearing, it is not clear this is very workable -- Russ herrold -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
