Re: [PATCH] iptables gateway match

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Amin Azez <azez@ufomechanic.net>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: [PATCH] iptables gateway match
Date: Sun, 03 Jun 2007 19:10:29 +0200	[thread overview]
Message-ID: <4662F605.9040700@trash.net> (raw)
In-Reply-To: <46607546.4050100@ufomechanic.net>

Amin Azez wrote:
> Patrick McHardy wrote:
> 
>> I'm wondering whether we really need a new match for this. It should
>> be possible to do the same using routing realms and the realm match.
>>   
> 
> It's possible that it could be managed using realms, but THAT would be a
> hack, and one very hard for rule generating systems to use, especially
> if realms were already in use.


I don't consider that this a hack. Its even more useful since you
can do masked matches. I also don't see the problem for generated
rules, in fact I used them for exactly this (and other) purpose
in a rule generating system.

> The match as used here is purely for ip<->ip routing compatability, easy
> auto generation of SNATing rules when the next hop router doesn't have a
> reverse route.
> 
> It's also useful for collecting per-gateway statistics (esp. with load
> balancing) and debugging complex routing.
> 
> It will also be useful to most people who won't or can't bend realms to
> their will.
> 
> I don't know if realms will help in the load balancing routing case anyway.


Yes, you can use one realm per nexthop.

next prev parent reply	other threads:[~2007-06-03 17:10 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-06-01 16:47 [PATCH] iptables gateway match Amin Azez
2007-06-01 16:52 ` Patrick McHardy
2007-06-01 19:36   ` Amin Azez
2007-06-03 17:10     ` Patrick McHardy [this message]
2007-06-02 11:38 ` Henrik Nordstrom
2007-06-02 16:56 ` [PATCH] xt_gateway match Jan Engelhardt
2007-06-02 16:56   ` [PATCH] xt_gateway match (kernel) Jan Engelhardt
2007-06-02 17:08     ` [PATCH] xt_gateway match (kernel,2) Jan Engelhardt
2007-06-02 16:57   ` [PATCH] xt_gateway match (iptables) Jan Engelhardt

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4662F605.9040700@trash.net \
    --to=kaber@trash.net \
    --cc=azez@ufomechanic.net \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.