Linux Netfilter discussions
From: Patrick McHardy <kaber@trash.net>
To: Dave <finalglide@gmail.com>
Cc: Jan Engelhardt <jengelh@medozas.de>, netfilter@vger.kernel.org
Subject: Re: POM Xtables???
Date: Mon, 30 Jun 2008 18:20:58 +0200
Message-ID: <486907EA.60105@trash.net>
In-Reply-To: <935fab200806300904rc7dc7b2kf58ab7893c3ef20a@mail.gmail.com>

Dave wrote:
> Over the weekend I managed to get the Xtables-addons working with
> Kernel 2.6.25.  Throughout this process many questions have come up
> that were unanswered by the documentation or Netfilter site.  I'll
> point them out.
> 
> 1) Confusion on just what Xtables is.  Is Xtables really just
> Iptables?  It seems to be, but there is nothing saying so officially.

x_tables is the common core behind ip_tables, ip6_tables and
arp_tables.

> 3) Still don't know where Xtables-addons fits in with Netfilter?  Why
> is Xtables not on the Netfilter site or even mentioned there at all?
> What does the core Netfilter team think of Xtables-addons?

I have no opinion about this except that already mentioned by
Jan: useful patches in proper state should be upstream, all
others I don't care about.

> 4) How does one patch for ACCOUNT and IPSET?  I couldn't find any
> modules for Xtables-addons to patch for these extensions, although I
> did find mention of a xt_account extension, but couldn't find any
> download or any way to add it to addons.  I had to patch ACCOUNT and
> IPSET with Patch-O-Matic.  It seems we really have to use both these
> patchers to get everything.

ipset is an exception as it's the only patch maintained by
someone from the Core Team that has not been merged upstream
yet. As such it shouldn't be included in Jan's package since
Jozsef is doing official releases in pom.

> 6) Currently the extensions and patching systems seem to be a
> hodge-podge of items, all with different web sites, maintainers and
> writers, from a newbie perspective it's confusing, would be nice if it
> was wrapped up into something more straightforward. Hopefully this is
> what Xtables-addons is doing, BUT would be really nice if this all
> started officially at Netfilter.org.

Short answer - don't do it, the module provided by the kernel
should be enough for 99.99% of all cases. If it isn't, convince
us to merge the patch, which usually isn't very hard.

History has repeatedly shown that out of tree patches are buggy
and cause more problems than they solve, which is why there
is no interest from the netfilter team in maintaining external
patches (with the one exception of ipset, which is not considered
ready for upstream yet by Jozsef, its author).

