On Fri, May 08, 2015 at 10:04:36PM +0200, Karsten Merker wrote: > On Fri, May 08, 2015 at 12:29:03PM -0700, j...@joshtriplett.org wrote: > > On Fri, May 08, 2015 at 09:06:25PM +0200, Karsten Merker wrote: > > > On Fri, May 08, 2015 at 10:50:30AM -0700, Josh Triplett wrote: > > > > Karsten Merker wrote: > > > > > > How is for example iptables supposed to handle changing interface > > > names? > > > > Associate the rules with addresses, names, or other aspects of network > > topology, rather than specific interfaces. > > That is often very impractical - the logical way is often to have > interface-based rules instead of address-based rules. This is > particularly the case with laptops where the network topology on > the "outside" interface changes very often and the only sensible way > to specify rules is using the interface as designator.
So use the interface name as the designator, then. If you really want to, you can turn on MAC-based naming with the new ifnames, with a one-line change to a configuration file. > > And for servers or routers (the common case for iptables usage), ifnames > > should provide quite stable names. > > Well, I think that running iptables on a laptop is also an > absolutely common case, in particular as laptops are often > running in "foreign" networks. iptables the underlying technology? Sure, absolutely. iptables directly, via fragile scripts that hard-code interface names? There are much better alternatives for most common cases. - Josh Triplett _______________________________________________ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
