From: Patrick McHardy <kaber@trash.net>
To: "David S. Miller" <davem@davemloft.net>
Cc: laforge@netfilter.org, netfilter-devel@lists.netfilter.org,
usagi-core@linux-ipv6.org, yasuyuki.kozakai@toshiba.co.jp
Subject: Re: [PATCH NF_CONNTRACK] compatible ipt_conntrack
Date: Tue, 30 Aug 2005 00:09:55 +0200 [thread overview]
Message-ID: <431387B3.5020006@trash.net> (raw)
In-Reply-To: <20050829.145750.105363182.davem@davemloft.net>
David S. Miller wrote:
> From: Patrick McHardy <kaber@trash.net>
> Date: Mon, 29 Aug 2005 13:14:49 +0200
>
>
>>I feel reluctant to add complexity just so users can switch between
>>them at runtime. It may be useful for debugging, but it doesn't look
>>like a realistic usage scenario. So I would also prefer having a
>>compile-time choice.
>
>
> What do you expect distribution vendors to do? They keep both
> ipchains and iptables enabled to this day so people can still
> use their old firewalling scripts and setups.
>
> Unless you provide %100 of the existing functionality in the new stuff
> you have to allow the new stuff to coexist with the older stuff in a
> build else distribution vendors will simply ship the new stuff
> disabled, and stay with the old stuff.
>
> I really don't see compile time selection as a viable option.
> Do you?
The plan would be to provide all existing functionality as soon as
possible. The targets and matches should be easy with a compile-time
selections, one or two conntrack helpers still need to ported and NAT
needs to be made possible. It all sounds doable in not too long time,
after that I would expect to get significantly more exposure by a
compile-time option because vendors want the IPv6 support. Of course
I'm open for suggestions ..
next prev parent reply other threads:[~2005-08-29 22:09 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-06-20 9:19 [PATCH NF_CONNTRACK] compatible ipt_conntrack Yasuyuki KOZAKAI
2005-08-28 12:21 ` Harald Welte
2005-08-29 11:14 ` Patrick McHardy
[not found] ` <200508291539.j7TFduLF019555@toshiba.co.jp>
2005-08-29 15:49 ` Harald Welte
2005-08-30 6:40 ` Yasuyuki KOZAKAI
[not found] ` <200508291539.j7TFdujr019558@toshiba.co.jp>
2005-08-29 21:01 ` Patrick McHardy
2005-08-29 21:57 ` David S. Miller
2005-08-29 22:09 ` Patrick McHardy [this message]
2005-08-29 15:39 ` Yasuyuki KOZAKAI
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=431387B3.5020006@trash.net \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=laforge@netfilter.org \
--cc=netfilter-devel@lists.netfilter.org \
--cc=usagi-core@linux-ipv6.org \
--cc=yasuyuki.kozakai@toshiba.co.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.