netfilter.vger.kernel.org archive mirror
From: Andreas Herz <andi@geekosphere.org>
To: Patrick McHardy <kaber@trash.net>
Cc: netfilter@vger.kernel.org
Subject: Re: [ANNOUNCE]: Release of nftables 0.099
Date: Tue, 21 Jan 2014 13:24:06 +0100
Message-ID: <20140121122406.GS5409@kvmbude>
In-Reply-To: <20140121121413.GC30577@macbook.localnet>

On 21/01/14 at 12:14, Patrick McHardy wrote:
> On Tue, Jan 21, 2014 at 12:59:09PM +0100, Andreas Herz wrote:
> > First of all thanks for the release and ongoing work!
> > 
> > On 20/01/14 at 13:11, Patrick McHardy wrote:
> > > nftables features native support for sets and dictionaries of arbitrary
> > > types, support for many different protocols, meta data types, connection
> > > tracking, NAT, logging, atomic incremental and full ruleset updates,
> > > a netlink API with notification support, a format grammar, a compatibility
> > > layer for iptables/ip6tables and more.
> > 
> > Does the native set support also include sets with timeout, like the
> > ipset maintained by Jozsef?
> > Or is there any plan to introduce this feature into nftables or just use
> > ipset and make it nftables compatible?
> > 
> > Since I'm using a patched version of ipset I would like to know the
> > future related to that feature :)
> 
> Currently we don't support timeouts and also don't support dynamically
> adding members to sets, though the last part would be pretty easy to
> implement.

Thanks for the info.

> Timeouts shouldn't be that hard as well, but I would need to think about
> this some more, I'd prefer not to add struct timer_lists everywhere.

That sounds like it rather won't come into nftables code. So what would
be the suggestion?

Or, asking more specifically, what would be the suggested way to add special
features needed for some scenarios?
For example, how would you port modules like portscan or others from
xtables-addons to nftables?
Integrate it or port it to be used as an addon?

> I intend to work on some set related stuff in the next time, I'll look
> into it then.

Thanks and no hurry, it just helps me to find out where I should focus
on my own development affected by the switch to nftables some day :)

-- 
Andreas Herz
