Matt Heon
Matt Heon
I have no objection to implementing this, but I begin to wonder if it isn't time to start implementing support for reading a (subset of) containers.conf in Netavark, so we...
This is definitely part of the remaining work for firewalld
Firewalld backend needs some work for port-forwarding (specifically, a bit of code needs to be written to use rich rules to handle port forwards from only a single host IP),...
No, we're not covering routed usage with Netavark at all, generally speaking. That sounds like a separate feature request. I think it would add a moderate amount of complexity to...
This is probably going to break certain functionality (internal networks, definitely, probably also IPv6 will act strange since we can't configure neighbor advertisements properly).
All of our firewall code should be IP based (I don't think we can reasonably do NAT or other firewall operations without a source subnet). So I think it is...
Yeah, that's reasonable. There's no reason for the firewall code to be called at all if the interface we're configuring doesn't have an IP.
(Well, a Netavark-managed IP at least)
The firewalld driver will do this, when I finally get the time to finish it. Honestly, at this point, I should just find a weekend and hack it out, it's...
CI test failures round 1 are expected. I will disable those tests until https://github.com/containers/aardvark-dns/pull/447 merges