From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Patrick McHardy <kaber@trash.net>
Cc: Florian Westphal <fw@strlen.de>,
netfilter-devel@vger.kernel.org, arturo.borrero.glez@gmail.com
Subject: Re: [PATCH nft v2 3/3] src: add xt compat support
Date: Fri, 10 Apr 2015 01:44:25 +0200 [thread overview]
Message-ID: <20150409234424.GB6169@salvia> (raw)
In-Reply-To: <20150409232106.GB13473@acer.localdomain>
On Fri, Apr 10, 2015 at 12:21:06AM +0100, Patrick McHardy wrote:
> On 10.04, Pablo Neira Ayuso wrote:
> > On Thu, Apr 09, 2015 at 10:51:35PM +0200, Florian Westphal wrote:
> > > Why would I want to re-write a working nft+compat ruleset to one
> > > that only uses native expressions?
> >
> > The fact is that we cannot push users to use nf_tables, but we can
> > provide good reasons to adopt the native replacements and tools to
> > migrate easily.
>
> We actually can by translating their iptables ruleset transparently.
Users' ruleset can be very sophisticated, some of them may just not
move forward because only one single feature that they need is
missing. So they will postpone migration. That is not good.
The translation is a complementary thing, not a replacement of the
compatibility layer.
next prev parent reply other threads:[~2015-04-09 23:40 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-09 16:55 [PATCH nft v2 1/3] include: cache ip_tables.h, ip6_tables.h, arp_tables.h and ebtables.h Pablo Neira Ayuso
2015-04-09 16:55 ` [PATCH nft v2 2/3] src: expose delinearize/linearize structures and stmt_error() Pablo Neira Ayuso
2015-04-09 16:55 ` [PATCH nft v2 3/3] src: add xt compat support Pablo Neira Ayuso
2015-04-09 20:36 ` Patrick McHardy
2015-04-09 20:51 ` Florian Westphal
2015-04-09 22:34 ` Pablo Neira Ayuso
2015-04-09 22:36 ` Florian Westphal
2015-04-09 22:56 ` Pablo Neira Ayuso
2015-04-09 23:23 ` Patrick McHardy
2015-04-09 23:40 ` Pablo Neira Ayuso
2015-04-09 23:45 ` Patrick McHardy
2015-04-09 23:59 ` Pablo Neira Ayuso
2015-04-10 0:05 ` Patrick McHardy
2015-04-10 0:26 ` Pablo Neira Ayuso
2015-04-10 0:33 ` Patrick McHardy
2015-04-09 23:22 ` Patrick McHardy
2015-04-09 23:21 ` Patrick McHardy
2015-04-09 23:44 ` Pablo Neira Ayuso [this message]
2015-04-09 23:48 ` Patrick McHardy
2015-04-10 0:07 ` Pablo Neira Ayuso
2015-04-10 0:11 ` Patrick McHardy
2015-04-10 0:36 ` Pablo Neira Ayuso
2015-04-10 0:36 ` Patrick McHardy
2015-04-10 1:00 ` Pablo Neira Ayuso
2015-04-09 22:33 ` Pablo Neira Ayuso
2015-04-09 23:18 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150409234424.GB6169@salvia \
--to=pablo@netfilter.org \
--cc=arturo.borrero.glez@gmail.com \
--cc=fw@strlen.de \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).