[Design] Kernel-based BMC firewall
Joel Stanley
joel at jms.id.au
Mon Mar 4 13:00:31 AEDT 2019
On Sat, 2 Mar 2019 at 13:50, jainmjo at gmail.com <jainmjo at gmail.com> wrote:
>
>
> On Sat, Mar 2, 2019 at 2:54 AM Joseph Reynolds <jrey at linux.ibm.com> wrote:
>>
>>
>> ## Alternatives Considered
>>
>> A user interface to indicate the firewall's status was considered.
>> This would invoke iptables and return success only if it showed
>> firewall rules, something like `iptables -L -n -v`. This is not
>> needed for basic function.
>>
>> The `ufw` firewall was considered. It is implemented in Python which
>> is being removed from the OpenBMC image.
>
>
> iptables is being replaced with nftables (at least in the Debian world). Have you considered nftables?
> I am very new to OpenBMC. So please correct me if this is not relevant.
Agreed. We should be targeting nftables with any new design:
https://wiki.nftables.org/wiki-nftables/index.php/Main_Page
Cheers,
Joel