From mboxrd@z Thu Jan 1 00:00:00 1970
From: Neal Murphy
Subject: Re: Formal submission of Xtables2
Date: Mon, 17 Dec 2012 20:51:52 -0500
Message-ID: <201212172051.52499.neal.p.murphy@alum.wpi.edu>
References: <20121213142820.GA3489@1984>
Reply-To: neal.p.murphy@alum.wpi.edu
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path:
In-Reply-To:
Sender: netfilter-owner@vger.kernel.org
List-ID:
Content-Type: Text/Plain; charset="us-ascii"
To: netfilter@vger.kernel.org

As a disinterested third party*, I think Jan is voicing stronger arguments, and that Pablo may need to enhance his debating skills.

N

* Disinterested in that I don't have a bone to pick in this debate. I do have a few netfilter thoughts, though, concerning general usability enhancements to the facility: 32 bit connmarks can be rather limiting (64 bits would be far more adequate), integrated IPv4/IPv6 (it'd be nice to be able to specify both addresses for a node in a single rule, for dual-stacked nodes), and a way to explicitly include related conns in a rule (after establishment, there seems to be no way to associate a related conn with the rule that allowed it in the first place).