netfilter-devel.vger.kernel.org archive mirror
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Jan Engelhardt <jengelh@inai.de>
Cc: David Miller <davem@davemloft.net>, netfilter-devel@vger.kernel.org
Subject: Re: [PATCH 4/4] netfilter: xtables: inclusion of xt_SYSRQ
Date: Fri, 13 Jul 2012 11:16:48 +0200
Message-ID: <20120713091648.GA20796@1984>
In-Reply-To: <alpine.LNX.2.01.1207121822430.13237@frira.zrqbmnf.qr>

On Thu, Jul 12, 2012 at 06:25:13PM +0200, Jan Engelhardt wrote:
> 
> On Thursday 2012-07-12 17:49, Pablo Neira Ayuso wrote:
> >> +config NETFILTER_XT_TARGET_SYSRQ
> >> +	tristate '"SYSRQ" - remote sysrq invocation'
> >
> >I guess this is useful for users, e.g. you can reboot your crashed
> >system from your office in case of cheap commodity hardware without
> >remote management tools (e.g. HP's ILO or Dell's iDRAC).
> >
> >Still, I think that including this in Netfilter is a bit of abuse
> >since this is out of the scope of providing some firewalling feature.
> 
> David Miller has stated his opinion already last year, and he's
> for the Netfilter variant:
> http://markmail.org/message/d7kpczdbtpcxwli6

I think that affirmation is true in the context of:

[PATCH]: Add Network Sysrq Support

but not sure it's out of it.

He probably preferred the Netfilter option because, comparing it to the
Netfilter approach, it looks nicer. Well, just look at all those sysfs
and proc interfaces he was proposing for that approach (it seems quite
ugly to me).

You can use the udp_encap hook (that Florian mentioned) plus some
genetlink interface and a little user-space tool to make it out of
netfilter. Most of the xt_SYSRQ code can be reused and the genetlink
interface plus one library can be added with little extra work.

@David: just to put you into context. Jan is proposing to merge
xt_SYSRQ into mainstream, we are discussing if it would be better to
make it out of it (so people do not depend on the firewalling
utilities to get it working) based on a different proposal described
above.
