From: Patrick McHardy <kaber@trash.net>
To: Pablo Neira Ayuso <pablo@netfilter.org>, Patrick Schaaf <netdev@bof.de>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: nftables with ipset combined types
Date: Mon, 03 Feb 2014 20:28:49 +0000 [thread overview]
Message-ID: <27f7b03e-5dd5-4e6b-a0fe-099f07fbea6f@email.android.com> (raw)
In-Reply-To: <20140202235734.GA6793@localhost>
On 2. Februar 2014 23:57:34 GMT+00:00, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
>On Wed, Jan 29, 2014 at 12:34:12PM +0100, Patrick Schaaf wrote:
>> Hi Pablo,
>>
>> another useful feature of ipset is that the same set is usable in the
>> filter, nat, and mangle tables.
>>
>> If I'm not mistaken, sets in nftables are right now scoped within a
>table,
>> so I could not reuse them in that fashion.
>
>The table <-> set link is currently needed to check for loops if
>verdict maps are used. But AFAICS, for sets with no verdict maps using
>jump to chain, this limitation could be removed. I'll add this to my
>TODO list.
While this might be useful, I don't think it justifies more than minor code changes since the user can just as well only use a single table.
Regarding TODO lists, I think it would be good to put the bigger items in the nftables TODO list. I'll start by cleaning it up and adding my current items.
prev parent reply other threads:[~2014-02-03 20:29 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-29 7:27 nftables with ipset combined types Brian Allen Vanderburg II
2014-01-29 9:30 ` Pablo Neira Ayuso
2014-01-29 11:34 ` Patrick Schaaf
2014-01-29 11:48 ` Arturo Borrero Gonzalez
2014-02-02 23:57 ` Pablo Neira Ayuso
2014-02-03 20:28 ` Patrick McHardy [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=27f7b03e-5dd5-4e6b-a0fe-099f07fbea6f@email.android.com \
--to=kaber@trash.net \
--cc=netdev@bof.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).