Jan Engelhardt wrote:
On Nov 16 2007 01:06, Patrick McHardy wrote:
David Miller wrote:
Patrick I would like to propose that we do something similar to how we
handle all the non-trivial routing and TCP congestion control
settings.
And that is to have an "ADVANCED" guard that simply doesn't present
the myriad of netfilter modules and options we have.
Basically, if the user doesn't set CONFIG_NETFILTER_ADVANCED he gets
basic NAT and connection tracking support, that's it.
Or at least something along those lines.
That sounds good, I believe we already talked at the workshop about
this. Additionally I'd like something that selects all modules at
once if it doesn't get too ugly since its a PITA to go through all
the options, and I usually do enable them :). I'll look into these
two things tommorrow.
Yeah, I'd agree that on CONFIG_NETFILTER_ADVANCED=no, all the fluffy
modules should be selected. It is largely an allmodconfig inside
the nf menuconfig tree.
Mhh I'm not sure if that should really select all modules, I was more
thinking of NETFILTER_ADVANCED=n should select the basic modules that
are needed to run let say a normal distribution firewall script, and
CONFIG_NETFILTER_ADVANCED=y would give you more choice over the modules.
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html