NFTables for Linux bridge sounds good.
For OVS, I tend to agree with ajo.
We use OVS tables for various purposes, and NFTables is a wrapper for OVS/CT.
It is better to use OVS tables in a native way as long as it becomes too complicated and/or reinvents existing things.
One concern on ovs-firewall-driver ([1] above) is that a security group API change was proposed as a part of the work. This blocked subsequent effort. Changing the SG API is not a good idea. The situation might have changed since then. If the situation has changed, I think OVS firewall is a good direction.