* MARK target with bitwise and/or.
@ 2003-01-07 21:04 Anders Fugmann
From: Anders Fugmann @ 2003-01-07 21:04 UTC
To: netfilter-devel

Hi.

I'm currently developing/maintaining a generic firewall called FIAIF[1].
In this firewall I classify traffic into security zones. Rules limit
traffic between zones and traffic from each zone to the firewall itself.

Now, in order to ease rule generation, I would have liked to use the
MARK target to mark from which zone traffic originates, and to which
zone traffic is destined. This would really cut down the number of rules
generated by the scripts, and simplify coding quite a bit.

But to implement the above requires the MARK target patch from POM which
supports bitwise and/or on the mark target - which btw. is marked broken
(I haven't tested it). Even if it does work, I cannot use it, as I cannot
request the users of the firewall to patch the kernel and userspace
iptables to use the firewall.

How can I push for this to be included in the kernel and included in
userspace netfilter?

I'm willing to test, code and supply patches but I'm only interested in
doing so if there is a chance for this to be included in mainstream.

Regards
Anders Fugmann

P.S.
Please cc me on replies, as I'm not subscribed to this list.

[1]: http://fiaif.fugmann.dhs.org
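
The zone-marking scheme described in the message, as an added example that is not part of the original e-mail or of FIAIF: a Python model of a packet mark that carries the source zone in the low byte and the destination zone in the next byte, showing why the destination step needs a bitwise OR rather than a plain set. The zone names, interfaces, bit layout and rule layout are assumptions; the `--set-mark`, `--or-mark`, `--and-mark` and `-m mark --mark value/mask` options are written as documented for current iptables.

```python
# Added example: model of a 32-bit packet mark carrying two zone ids.
# Bit layout, zone names and interfaces are assumptions for illustration.
SRC_MASK, DST_MASK, DST_SHIFT = 0x00FF, 0xFF00, 8

def set_mark(mark, value):   # MARK --set-mark: replaces the whole mark
    return value & 0xFFFFFFFF

def or_mark(mark, bits):     # MARK --or-mark: sets bits, keeps the rest
    return (mark | bits) & 0xFFFFFFFF

def and_mark(mark, bits):    # MARK --and-mark: keeps only bits set in `bits`
    return mark & bits & 0xFFFFFFFF

def mark_match(mark, value, mask=0xFFFFFFFF):   # -m mark --mark value/mask
    return (mark & mask) == value

ZONES = {"INT": (1, ["eth0", "eth1"]), "DMZ": (2, ["eth2"]),
         "EXT": (3, ["ppp0", "ppp1"])}

def classify_rules(zones):
    """One rule per interface and direction: source zones, then destinations."""
    rules = []
    for zid, ifaces in zones.values():
        rules += [f"iptables -t mangle -A PREROUTING -i {i} -j MARK --set-mark {zid:#x}"
                  for i in ifaces]
    for zid, ifaces in zones.values():
        rules += [f"iptables -t mangle -A FORWARD -o {i} -j MARK --or-mark {zid << DST_SHIFT:#x}"
                  for i in ifaces]
    return rules

def policy_rule(zones, src, dst, target):
    """A single filter rule covers every interface pair of src -> dst."""
    value = zones[src][0] | (zones[dst][0] << DST_SHIFT)
    return f"iptables -A FORWARD -m mark --mark {value:#x}/{SRC_MASK | DST_MASK:#x} -j {target}"

def classify(zones, in_if, out_if, dst_op):
    """Mark of a forwarded packet; dst_op is or_mark or set_mark."""
    zone_of = {i: zid for zid, ifaces in zones.values() for i in ifaces}
    mark = set_mark(0, zone_of[in_if])
    return dst_op(mark, zone_of[out_if] << DST_SHIFT)

def rule_counts(zones, per_pair):
    """(rules matching -i/-o directly, rules using marks) for per_pair
    policy rules between every ordered pair of distinct zones."""
    n = {z: len(ifs) for z, (_, ifs) in zones.items()}
    pairs = [(s, d) for s in n for d in n if s != d]
    direct = per_pair * sum(n[s] * n[d] for s, d in pairs)
    marked = 2 * sum(n.values()) + per_pair * len(pairs)
    return direct, marked
```

With `set_mark` as the destination step the source zone is overwritten, so a zone-pair policy rule can no longer match the packet.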