From: "Max R. Carrara" <m.carrara@proxmox.com>
To: "Thomas Lamprecht" <t.lamprecht@proxmox.com>,
"Proxmox VE development discussion" <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [RFC pve-firewall v1 1/1] pve-firewall.service: update-alternatives to {ip, eb}tables-nft
Date: Mon, 04 Aug 2025 09:53:09 +0200 [thread overview]
Message-ID: <DBTHBGTJXE1N.306BVUGNNUZ6X@proxmox.com> (raw)
In-Reply-To: <7d9ddaf4-d2f8-4953-b3e9-8a3f2d045e5f@proxmox.com>
On Fri Aug 1, 2025 at 6:24 PM CEST, Thomas Lamprecht wrote:
> Am 01.08.25 um 18:07 schrieb Max R. Carrara:
> >> An implementation option might be using an node-local environment file
> >> sourced by the unit file, e.g.
> >>
> >> Environment="VARIANT=legacy"
> >> EnvironmentFile=-/var/lib/pve-firewall/tables-variant
> >>
> >> ExecStartPre=-/usr/bin/update-alternatives --set ebtables-${VARIANT}
> >> ...
> > That's a good idea actually! I'll see what I can do on Monday.
>
> And FWIW, we do not have to chase down this road, moving the
> whole update-alternatives into a dedicated script might be also an
> option, as could make us also re-use a node option or the like and
> have the implementation do some error checking before trying to
> execute anything.
> OTOH. if we can really default to the nft based ones in a next
> point release and drop support for switching in PVE 10 or so
> it might not be worth to do much extra work here for something
> that is rather short lived anyway; for me either option is fine
> (if it works naturally ^^), just wanted to avoid that you think
> this is the only acceptable way.
Oh yeah, no worries—I'll see whatever works best, as in, has the best
utility-to-implementation-time ratio :P
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
prev parent reply other threads:[~2025-08-04 7:51 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-01 15:45 [pve-devel] [RFC pve-firewall v1 0/1] Silence ebtables Audit Messages in dmesg Max R. Carrara
2025-08-01 15:45 ` [pve-devel] [RFC pve-firewall v1 1/1] pve-firewall.service: update-alternatives to {ip, eb}tables-nft Max R. Carrara
2025-08-01 16:00 ` Thomas Lamprecht
2025-08-01 16:07 ` Max R. Carrara
2025-08-01 16:24 ` Thomas Lamprecht
2025-08-04 7:53 ` Max R. Carrara [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DBTHBGTJXE1N.306BVUGNNUZ6X@proxmox.com \
--to=m.carrara@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
--cc=t.lamprecht@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox