From: Henrik Nordstrom <hno@marasystems.com>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: netfilter-devel <netfilter-devel@lists.samba.org>
Subject: Re: [PATCH}: Make MARK target terminate (resend)
Date: Mon, 1 Jul 2002 12:11:21 +0200 [thread overview]
Message-ID: <200207011211.21398.hno@marasystems.com> (raw)
In-Reply-To: <Pine.LNX.4.33.0207011037260.12444-100000@blackhole.kfki.hu>
Jozsef Kadlecsik wrote:
> - rewrite the IPT_CONTINUE targets as matches
I am not very fond of this.. besides the order dependency it also has the
question on how to easily determine what will happen with the packet.. No
obvious distinction between something that matches packets and something that
modifies packets or internal system state (conntrack, nfmark, ippools etc..).
> - do nothing: the problem can always be solved by introducing custom
> chains :-)
Well.. Not really. Consider for example the LOG "target" where one wants to
use the --log-prefix option to log different cases. Would require a custom
chain per case which is quite cumbersome. But sure, it is in theory doable
just as having all rules duplicated in a single chain is.
> > So the question to the Netfilter core team is if it would be OK to add
> > a new option and "module class" to the userspace tools, and have the
> > existing IPT_CONTINUE targets dual-register as both a target and a
> > match. I can try to whip something together if this is seen as
>
> In my opinion the match solution would be better, cleaner.
So your current opinion is that the IPT_CONTINUE targets should be rewritten
as matches?
Regards
Henrik
next prev parent reply other threads:[~2002-07-01 10:11 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-06-29 9:46 [PATCH}: Make MARK target terminate (resend) Patrick McHardy
2002-06-29 10:03 ` Patrick Schaaf
2002-07-02 13:02 ` Patrick McHardy
2002-06-29 10:36 ` Henrik Nordstrom
2002-06-29 12:53 ` Brad Chapman
2002-07-01 7:50 ` Balazs Scheidler
2002-07-02 14:24 ` Harald Welte
2002-07-03 11:24 ` Jozsef Kadlecsik
2002-07-03 11:36 ` Patrick Schaaf
2002-07-03 12:41 ` Fabrice MARIE
2002-07-03 14:45 ` Hervé Eychenne
2002-07-03 23:50 ` Henrik Nordstrom
2002-07-04 23:58 ` Harald Welte
2002-07-05 4:01 ` Fabrice MARIE
2002-07-05 14:21 ` Harald Welte
2002-07-05 19:25 ` Patrick Schaaf
2002-07-05 1:15 ` Joakim Axelsson
2002-07-01 9:47 ` Jozsef Kadlecsik
2002-07-01 10:11 ` Henrik Nordstrom [this message]
2002-07-01 12:08 ` Jozsef Kadlecsik
2002-07-02 15:45 ` Harald Welte
2002-07-02 13:32 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200207011211.21398.hno@marasystems.com \
--to=hno@marasystems.com \
--cc=kadlec@blackhole.kfki.hu \
--cc=netfilter-devel@lists.samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.