From: varun <varun@rocsys.com>
To: Sebastien Tandel <standel@info.ucl.ac.be>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: iptables doubt
Date: Fri, 14 Apr 2006 09:12:24 +0530
Message-ID: <443F1A20.4060301@rocsys.com>
In-Reply-To: <443E5D3B.7000608@info.ucl.ac.be>

Hi,
By the way, can you tell me which is the structure that holds
the rule, i.e. when I give iptables -t filter -A FORWARD -j REJECT?
Which struct in the kernel holds the rule, and which is the
function that adds the rule from user space to the list in the kernel?
I assume that we are maintaining a stack implementation for holding
rules on one table, am I right?
Varun

Sebastien Tandel wrote:
>Hi,
>
>varun wrote:
>
>
>>Hi Sebastien,
>>
>> Well, I do not want to use policy from user space
>>because the very need for me to do this activity is to play around and
>>get to understand netfilter iptables.
>>
>>
>
>ok ... that's the point :)
>
>
>
>> The features I want to implement like that
>>priority for policy is that imagine a scenario where user added some
>>policies and then for some reason wants one policy to be checked before
>>checking others then he would have to add the policy again and delete
>>the old policy, isn't it?
>>
>>
>
>Yes it is correct ... even if this may seem curious I think it is not
>worth adding such a mechanism to netfilter. IMHO, a switch option
>'-M' (MOVE) would be sufficient but not with all these unique-id's ... I
>fear that with time this number list would be completely fragmented
>and human-unreadable.
>I don't know whether it had already been discussed on this mailing-list.
>IMHO, it is not a strong requirement for iptables/netfilter and this
>situation may be handled in a semi-automatic way with a user script
>(with the danger, however, of having a race condition with another user
>script changing netfilter too).
>Of course, if it is another exercise to play with netfilter do it and
>have fun ;)
>
>
>
>> By the way, thanks for the help man, and can you
>>suggest me some good mailing list which deals with iptables development
>>where newbies like me could get some help. This mailing list does not
>>seem to help newbies much.
>>
>>
>
>Unfortunately, I don't know any other mailing list devoted to netfilter. :-/
>
>sta