From mboxrd@z Thu Jan 1 00:00:00 1970 From: Patrick McHardy Subject: Re: [PATCH 1/1] Re: dangerous? Setting mark in nat table Date: Wed, 14 Mar 2007 14:08:22 +0100 Message-ID: <45F7F3C6.3060908@trash.net> References: <45F6CD7C.40708@ufomechanic.net> <1173868532.26913.39.camel@henriknordstrom.net> <45F7D657.8070907@trash.net> <1173876211.26913.73.camel@henriknordstrom.net> <45F7F027.9050300@ufomechanic.net> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Cc: netfilter-devel@lists.netfilter.org, Jan Engelhardt , Henrik Nordstrom To: Amin Azez Return-path: In-Reply-To: <45F7F027.9050300@ufomechanic.net> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: netfilter-devel-bounces@lists.netfilter.org Errors-To: netfilter-devel-bounces@lists.netfilter.org List-Id: netfilter-devel.vger.kernel.org Amin Azez wrote: > Signed-off-by: Sam Liddicott > ------------------------------------------------------------------------ > > Index: linux-2.6.17.1/net/netfilter/xt_CONNMARK.c > Index: linux-2.6.17.1/net/netfilter/xt_MARK.c There are quite a few more that are restricted to mangle without good reason: net/netfilter/xt_CLASSIFY.c: .table = "mangle", net/netfilter/xt_CONNSECMARK.c: .table = "mangle", net/netfilter/xt_DSCP.c: .table = "mangle", net/netfilter/xt_MARK.c: .table = "mangle", net/netfilter/xt_SECMARK.c: .table = "mangle", net/ipv4/netfilter/ipt_ECN.c: .table = "mangle", net/ipv4/netfilter/ipt_TOS.c: .table = "mangle", net/ipv4/netfilter/ipt_TTL.c: .table = "mangle", net/ipv6/netfilter/ip6t_HL.c: .table = "mangle", If we're going to remove this, I think we should do it for all of them. The manpages also need to be updated.