agdsn / hades

AG DSN Authentication and Authorization Infrastructure
MIT License

Use external tool for iptables management #75

Open sebschrader opened 6 years ago

sebschrader commented 6 years ago

The changes by ed9bdd4a813c3438b2379e7990400d48da0ee9a0 made the network setup for Hades administrators easier and transparent through the use of ifupdown instead of a custom script. Changing iptables rules, however, is still very limited.

The only option, aside from modifying the template, is the HADES_CUSTOM_IPTABLES_INPUT_RULES option, and it covers only the INPUT chain of the filter table.

There exist tools for dynamic firewall management on top of iptables, such as firewalld or ufw. Probably, it only makes sense to use them for the root network namespace and not for the auth and unauth network namespaces.