[Design] Kernel-based BMC firewall

Joseph Reynolds jrey at linux.ibm.com
Sat Apr 13 06:06:57 AEST 2019


On 2019-03-03 20:00, Joel Stanley wrote:
> On Sat, 2 Mar 2019 at 13:50, jainmjo at gmail.com <jainmjo at gmail.com> wrote:
>> 
>> 
>> On Sat, Mar 2, 2019 at 2:54 AM Joseph Reynolds <jrey at linux.ibm.com> wrote:
>>> 
>>> 
>>> ## Alternatives Considered
>>> 
>>> A user interface to indicate the firewall's status was considered.
>>> This would invoke iptables and return success only if it showed
>>> firewall rules, something like `iptables -L -n -v`.  This is not
>>> needed for basic function.
>>> 
>>> The `ufw` firewall was considered.  It is implemented in Python, which
>>> is being removed from the OpenBMC image.
>> 
>> 
>> iptables is being replaced with nftables (at least in the Debian world).
>> Have you considered nftables?
>> I am very new to OpenBMC. So please correct me if this is not relevant.
> 
> Agreed. We should be targeting nftables with any new design:
> 
>  https://wiki.nftables.org/wiki-nftables/index.php/Main_Page

Sounds good.  I'll change the design to nft.  Thanks for your input!

- Joseph

> Cheers,
> 
> Joel


