Proposal: enable stateless persistent network interface names
josh at joshtriplett.org
Fri May 8 21:33:06 BST 2015
On Fri, May 08, 2015 at 10:04:36PM +0200, Karsten Merker wrote:
> On Fri, May 08, 2015 at 12:29:03PM -0700, josh at joshtriplett.org wrote:
> > On Fri, May 08, 2015 at 09:06:25PM +0200, Karsten Merker wrote:
> > > On Fri, May 08, 2015 at 10:50:30AM -0700, Josh Triplett wrote:
> > > > Karsten Merker wrote:
> > >
> > > How is for example iptables supposed to handle changing interface
> > > names?
> >
> > Associate the rules with addresses, names, or other aspects of network
> > topology, rather than specific interfaces.
>
> That is often very impractical - the logical way is often to have
> interface-based rules instead of address-based rules. This is
> particularly the case with laptops where the network topology on
> the "outside" interface changes very often and the only sensible way
> to specify rules is using the interface as designator.

So use the interface name as the designator, then. If you really want
to, you can turn on MAC-based naming with the new ifnames, with a
one-line change to a configuration file.

> > And for servers or routers (the common case for iptables usage), ifnames
> > should provide quite stable names.
>
> Well, I think that running iptables on a laptop is also an
> absolutely common case, in particular as laptops are often
> running in "foreign" networks.

iptables the underlying technology? Sure, absolutely.

iptables directly, via fragile scripts that hard-code interface names?
There are much better alternatives for most common cases.

- Josh Triplett
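
Added example, not part of the message above or of anyone's code in this thread: a check for the failure mode the thread argues about, where rules pinned to an interface name stop matching once the interface is renamed. iptables accepts a rule naming an interface that does not exist, so the rule loads without error and never matches. The ruleset is a constructed sample in iptables-save format, and the function names are hypothetical.

```python
import os
import shlex

# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
-A INPUT ! -i wlan0 -m conntrack --ctstate NEW -j DROP
-A FORWARD -i br+ -o eth0 -j ACCEPT
-A INPUT -s 192.0.2.0/24 -j ACCEPT
COMMIT
"""

IFACE_FLAGS = {"-i", "--in-interface", "-o", "--out-interface"}

def iface_refs(dump):
    """Yield (line_no, interface_pattern, rule) for every -i/-o match in the dump."""
    for n, line in enumerate(dump.splitlines(), 1):
        if not line.startswith("-A "):
            continue  # skip table headers, chain policies and COMMIT
        tokens = shlex.split(line)  # keeps quoted --comment text as one token
        for flag, value in zip(tokens, tokens[1:]):
            if flag in IFACE_FLAGS:
                yield n, value, line

def matches(pattern, present):
    """iptables semantics: a trailing '+' is a prefix wildcard."""
    if pattern.endswith("+"):
        return any(name.startswith(pattern[:-1]) for name in present)
    return pattern in present

def stale_rules(dump, present):
    """Return the rules whose interface pattern matches no name in `present`."""
    return [(n, pat, rule) for n, pat, rule in iface_refs(dump)
            if not matches(pat, present)]

if __name__ == "__main__":
    # On Linux, compare against the interfaces that actually exist right now.
    sysfs = "/sys/class/net"
    present = set(os.listdir(sysfs)) if os.path.isdir(sysfs) else {"lo"}
    for n, pat, rule in stale_rules(SAMPLE_RULES, present):
        print(f"line {n}: no interface matches {pat!r}: {rule}")
```

Run against a saved ruleset after any change of naming scheme; the address-based rule on the last `-A` line is never reported because it names no interface.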