Re: [PATCH 2/2] [NETFILTER]: xt_owner: allow matching UID/GID ranges

On Jan 20 2008 14:50, Patrick McHardy wrote:
>
> Jan Engelhardt wrote:
>> commit 1ab123486c698860966193d254db54f8a4d428b4
>> Author: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx>
>> Date:   Sun Jan 20 13:15:08 2008 +0100
>> 
>>     [NETFILTER]: xt_owner: allow matching UID/GID ranges
>
>
> Is that actually useful? The GID already allows to match
> on entire groups, this seems like a "let's do it just because
> we can" patch to me.
>
Of course there is a use case. System with like 2000 students; the
user database is historically grown, so UIDs are 'consecutively
random', i.e. order depends on time the user account was added.
Preallocating a UID range to students is therefore no longer
possible.

	* I do not want to add 2000 -m owner rules,
	that would just be totally inefficient.

I could add rules for blocks of UIDs (usually they do get added in
batch), but...

	* that's still lots!
	2032-5241, 6010-6185, 10001-10209, 10214, 10235-10422, ...

So, we turn to the GID. Because the GID of a user depends on the
grade (and that changes over time), preallocating UID ranges is not
even feasible. But well, at least the number of rules is down:

	* 1301, 1302, 1303, 1304, 1305...

Can we simplify that? Yes, with GID ranges.

	* 1301-1334
	* 1352-1364 (blame legislation for this new range...)

Two rules, I'm stunned! :-)
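The reduction described in this mail, from one rule per account down to one rule per contiguous block, is easy to automate once xt_owner accepts ranges. The script below is an added example, not part of the mail or of the netfilter tree: it collapses a list of IDs into contiguous ranges and emits the corresponding `-m owner` rules. The chain name `STUDENTS`, the `ACCEPT` target and the sample ID lists are constructed for illustration; the `--uid-owner id[-id]` / `--gid-owner id[-id]` syntax is what the userspace side of this patch series accepts. The script only prints the rules, it does not call iptables itself.

```shell
#!/bin/sh
# Collapse numeric IDs (one per line on stdin, any order, duplicates allowed)
# into contiguous ranges, one per line: "2032-5241" for a run, "10214" for a
# singleton. This is the step that turns 2000 UIDs into a handful of blocks.
collapse_ranges() {
    sort -n | uniq | awk '
        NR == 1      { lo = hi = $1; next }
        $1 == hi + 1 { hi = $1; next }
        {
            r = (lo == hi) ? lo : lo "-" hi
            print r
            lo = hi = $1
        }
        END {
            if (NR > 0) {
                r = (lo == hi) ? lo : lo "-" hi
                print r
            }
        }
    '
}

# Turn collapsed ranges (stdin) into xt_owner rules for the given chain.
# $1 = chain name (placeholder), $2 = "uid" or "gid". With range support in
# xt_owner, --uid-owner / --gid-owner take either "id" or "low-high".
emit_owner_rules() {
    chain=$1
    kind=$2
    while IFS= read -r range; do
        printf 'iptables -A %s -m owner --%s-owner %s -j ACCEPT\n' \
            "$chain" "$kind" "$range"
    done
}

# Count how many rules a given ID list needs with and without range support.
# Prints "<per-id rules> <ranged rules>".
rule_counts() {
    ids=$(sort -n | uniq)
    per_id=$(printf '%s\n' "$ids" | wc -l | tr -d ' ')
    ranged=$(printf '%s\n' "$ids" | collapse_ranges | wc -l | tr -d ' ')
    printf '%s %s\n' "$per_id" "$ranged"
}

# Constructed sample: a few student UIDs added in batches, plus one straggler.
sample_uids='10001
10002
10003
10004
10214
10235
10236
10237'

printf '# per-UID rules vs ranged rules: %s\n' "$(printf '%s\n' "$sample_uids" | rule_counts)"
printf '%s\n' "$sample_uids" | collapse_ranges | emit_owner_rules STUDENTS uid

# Constructed sample: the two GID blocks from the mail, one GID per line.
seq 1301 1334 | collapse_ranges | emit_owner_rules STUDENTS gid
seq 1352 1364 | collapse_ranges | emit_owner_rules STUDENTS gid
```

Feed it `getent passwd | awk -F: '$3 >= 1000 { print $3 }'` (or the group file for GIDs) to generate the rule set for a real account database; the ranged output is what keeps the chain short when accounts were created in batches rather than from a preallocated range.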