Re: POM Xtables??? - Brent Clark

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Brent Clark <brentgclarklist@gmail.com>
To: James King <t.james.king@gmail.com>
Cc: Patrick McHardy <kaber@trash.net>,
	Pablo Neira Ayuso <pablo@netfilter.org>,
	Jan Engelhardt <jengelh@medozas.de>, Dave <finalglide@gmail.com>,
	netfilter@vger.kernel.org,
	Netfilter Development Mailinglist
	<netfilter-devel@vger.kernel.org>
Subject: Re: POM Xtables???
Date: Tue, 19 Aug 2008 13:35:01 +0200	[thread overview]
Message-ID: <48AAAFE5.10201@gmail.com> (raw)
In-Reply-To: <38bcb3ec0808150117n729cb7b1yadcfa9018b9714be@mail.gmail.com>

James King wrote:
> ipp2p and l7filter both use different strategies for DPI
> classification, each having their own pros and cons.
You know most people, groups etc look for the next best thing. Take a 
look at Firefox and apple ( *pod), they continuously announcing whats 
hip and new, what they doing etc, and looking at ways to keep a captive 
audience.

My question is what netfilters next best thing?

Having used and using Xtables, I thinking it FSCKING brilliant (excuse 
slander, hope I did not offend, but there was not other way to explain). 
I dont have to struggle and my turn around time is minutes.
I continuously thank Jan for the work his doing.

I suggest forget POM. its old and the process is slow and laborious (and 
thats hoping you can get it compiled in the kernel).

Getting back to iptables.

Its great to see others stepping forward and wanting to implement a 
Layer 7 filtering, and I say go for it and work on it, but in the mean 
time and to the netfilter team, my question is, how long will that take 
till its able to get off the ground to too hope that it gets accepted by 
the teams (netfilter and kernel).

To be constructive, and looking for a solid way forward (even if 
interim), would it not be better to implement l7 in xtables or better 
iptables.
Yes the L7 code may suck now or incorrectly thoughtout, but getting it 
working will help people. People understand that its not perfect or bug 
less, the fact they have option and it being worked on, helps.

Im of the opinion that Netfilter really needs to look and think out the 
box and realize ppl want *now*, troubleless (less not free), shiny and 
new (this goes hand in hand with promoting, marketing etc).
Google for pf vs iptables, and you will find a plethora of links 
promoting either / or. Netfilter needs that "shiny" that will set it 
apart from the rest that will and have the bells and whistles.

My aim it to not offend anyone, but let the powers that be know, that 
there is a demand for more. Ill probably get flamed, but I hope this 
email gets taken in the light of constructive criticism and for the 
greater of the user community that like quick install, all in one solution.

Kind Regards
Brent Clark

P.s. James, I hope you get your solution off the ground  and working.

next prev parent reply	other threads:[~2008-08-19 11:35 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-06-27 17:54 POM Xtables??? Dave
2008-06-27 18:58 ` Jan Engelhardt
2008-06-27 20:08   ` Dave
2008-06-27 21:16     ` Jan Engelhardt
2008-06-29  2:20   ` Grant Taylor
2008-06-30 16:04     ` Dave
2008-06-30 16:20       ` Patrick McHardy
2008-06-30 20:46         ` Jan Engelhardt
2008-06-30 20:52           ` Patrick McHardy
2008-07-01  9:43             ` Jozsef Kadlecsik
2008-07-01  9:46               ` Patrick McHardy
2008-07-01 11:38                 ` Jan Engelhardt
2008-07-01 11:43                   ` Patrick McHardy
2008-07-01 11:50                     ` Jan Engelhardt
2008-07-01 11:57                       ` Patrick McHardy
2008-07-01 14:05                     ` Grant Taylor
2008-07-01 14:10                       ` Patrick McHardy
2008-07-01 14:27                         ` Grant Taylor
2008-07-01 14:34                           ` Patrick McHardy
2008-07-01 14:30                       ` Jan Engelhardt
2008-07-23 20:19             ` Jan Engelhardt
2008-07-23 23:21               ` Patrick McHardy
2008-07-24  8:31                 ` James King
2008-07-24  9:21                   ` Pablo Neira Ayuso
2008-07-24  9:43                     ` Patrick McHardy
2008-08-15  8:17                       ` James King
2008-08-19 11:35                         ` Brent Clark [this message]
2008-08-15  8:48                     ` James King
2008-06-30 21:11         ` Jozsef Kadlecsik
2008-06-30 21:47           ` Jan Engelhardt
2008-07-01 10:00             ` Jozsef Kadlecsik
2008-07-01 11:19               ` Jan Engelhardt
2008-06-30 20:18       ` Jan Engelhardt

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=48AAAFE5.10201@gmail.com \
    --to=brentgclarklist@gmail.com \
    --cc=finalglide@gmail.com \
    --cc=jengelh@medozas.de \
    --cc=kaber@trash.net \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=netfilter@vger.kernel.org \
    --cc=pablo@netfilter.org \
    --cc=t.james.king@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox