[Design] Kernel-based BMC firewall
Joseph Reynolds
jrey at linux.ibm.com
Sat Apr 13 06:06:57 AEST 2019
On 2019-03-03 20:00, Joel Stanley wrote:
> On Sat, 2 Mar 2019 at 13:50, jainmjo at gmail.com <jainmjo at gmail.com>
> wrote:
>>
>>
>> On Sat, Mar 2, 2019 at 2:54 AM Joseph Reynolds <jrey at linux.ibm.com>
>> wrote:
>>>
>>>
>>> ## Alternatives Considered
>>>
>>> A user interface to indicate the firewall's status was considered.
>>> This would invoke iptables and return success only if it showed
>>> firewall rules, something like `iptables -L -n -v`. This is not
>>> needed for basic function.
>>>
>>> The `ufw` firewall was considered. It is implemented in Python which
>>> is being removed from the OpenBMC image.
>>
>>
>> iptables is being replaced with nftables (at least in the Debian
>> world). Have you considered nftables?
>> I am very new to OpenBMC. So please correct me if this is not
>> relevant.
>
> Agreed. We should be targeting nftables with any new design:
>
> https://wiki.nftables.org/wiki-nftables/index.php/Main_Page
Sounds good. I'll change the design to nft. Thanks for your input!
- Joseph
> Cheers,
>
> Joel