From mboxrd@z Thu Jan 1 00:00:00 1970
From: Anders Fugmann
Subject: MARK target with bitwise and/or.
Date: Tue, 07 Jan 2003 22:04:32 +0100
Sender: netfilter-devel-admin@lists.netfilter.org
Message-ID: <3E1B40E0.404@fugmann.dhs.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
To: netfilter-devel@lists.netfilter.org
List-Id: netfilter-devel.vger.kernel.org

Hi.

I'm currently developing/maintaining a generic firewall called FIAIF[1]. In this firewall I classify traffic into security zones. Rules limit traffic between zones and traffic from each zone to the firewall itself.

Now, in order to ease rule generation, I would have liked to use the MARK target to mark from which zone traffic originates, and to which zone traffic is destined. This would really cut down the number of rules generated by the scripts, and simplify coding quite a bit.

But to implement the above requires the MARK target patch from POM which supports bitwise and/or on the mark target - which btw. is marked broken (I haven't tested it). Even if it does work, I cannot use it, as I cannot request the users of the firewall to patch the kernel and userspace iptables to use the firewall.

How can I push for this to be included in the kernel and included in userspace netfilter? I'm willing to test, code and supply patches, but I'm only interested in doing so if there is a chance for this to be included in mainstream.

Regards
Anders Fugmann

P.S. Please cc me on replies, as I'm not subscribed to this list.

[1]: http://fiaif.fugmann.dhs.org
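
The zone-marking scheme described in the message above, sketched as a rule generator. This is an added example, not part of the original post and not FIAIF code: it shows why bitwise AND/OR is needed to keep a source-zone field and a destination-zone field in one mark. The zone names, ids, interfaces and bit layout are constructed, and it assumes an iptables whose MARK target accepts `--and-mark` and `--or-mark`.

```shell
#!/bin/sh
# Added example: zone names, ids, interfaces and the bit layout are constructed.
# Layout (assumption): bits 0-7 = source zone id, bits 8-15 = destination zone id.
SRC_MASK=0x00ff
DST_MASK=0xff00

# Map a zone name to its id; 0 is left to mean "not classified".
zone_id() {
    case "$1" in
        int) echo 1 ;;
        dmz) echo 2 ;;
        ext) echo 3 ;;
        *)   return 1 ;;
    esac
}

# Bits that must survive when the field selected by mask $1 is rewritten.
keep_bits() { printf '0x%08x' $(( 0xffffffff & ~$1 )); }

# Mark $1 after "--and-mark $2" followed by "--or-mark $3" has been applied.
apply_and_or() { printf '0x%04x' $(( ($1 & $2) | $3 )); }

# Classify packets arriving on interface $2 as coming from zone $1.
mark_src() {
    id=$(zone_id "$1") || return 1
    printf 'iptables -t mangle -A PREROUTING -i %s -j MARK --and-mark %s\n' "$2" "$(keep_bits $SRC_MASK)"
    printf 'iptables -t mangle -A PREROUTING -i %s -j MARK --or-mark 0x%04x\n' "$2" "$id"
}

# Classify forwarded packets leaving on interface $2 as going to zone $1.
mark_dst() {
    id=$(zone_id "$1") || return 1
    printf 'iptables -t mangle -A FORWARD -o %s -j MARK --and-mark %s\n' "$2" "$(keep_bits $DST_MASK)"
    printf 'iptables -t mangle -A FORWARD -o %s -j MARK --or-mark 0x%04x\n' "$2" $(( $id << 8 ))
}

# One filter rule per permitted zone pair, however many interfaces a zone has.
allow_pair() {
    s=$(zone_id "$1") || return 1
    d=$(zone_id "$2") || return 1
    printf 'iptables -A FORWARD -m mark --mark 0x%04x/0x%04x -j ACCEPT\n' \
        $(( ($d << 8) | $s )) $(( $SRC_MASK | $DST_MASK ))
}

# Constructed topology: two internal interfaces, one DMZ interface.
mark_src int eth1; mark_src int eth2; mark_dst dmz eth3
allow_pair int dmz
```

The script only prints rules. Writing the destination field by overwriting the whole mark would erase the source field set in PREROUTING, which is why each field is cleared with AND and then set with OR.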