On Oct 20 2007 00:47, Valdis.Kletnieks@xxxxxx wrote: >> Sure, the idea was to mark the filter table obsolete as to make people start >> using the mangle table to do their filtering for new setups. The filter >> table would then still be available for legacy/special setups. But this >> would only be possible if we at least ported the REJECT target to mangle. > >That's *half* the battle. The other half is explaining why I should move >from a perfectly functional setup that uses the filter table. What gains >do I get from doing so? What isn't working that I don't know about? etc? > >In other words - why do I want to move from filter to mangle? Packet processing time. Compare previous: packet goes through mangle, then is dropped in filter Compare afterwards: packet is already dropped in mangle => less code to run through - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
