On Thu, 3 Jul 2008, Jan Engelhardt wrote: > On Thursday 2008-07-03 15:31, Jozsef Kadlecsik wrote: > >On Thu, 3 Jul 2008, Jan Engelhardt wrote: > >> On Thursday 2008-07-03 14:39, Jozsef Kadlecsik wrote: > >> > > >> >One can find a lot of smaller and bigger missing pieces, like a new table, > >> >new hook, if we'd associate a 'routing table' to a 'chain in the iptables > >> >route table', then we'd need a default policy support (i.e. default route) > >> >for the user defined chains too, etc. > >> > >> User-defined chains always have an implicit policy of 'RETURN', > >> and I would not turn a knob on that property anytime. > > > >Routing cannot be replaced by netfilter 'route' table without supporting a > >'default policy' (as default route) in the user defined chains (as routing > >tables). > > User-defines chains return to the main chain once control runs off their end. > Since the main chain has a default policy, I do not see aproblem. That means we'd not support multiple routing tables with default routes. We'd loose an important functionality, which is unacceptable. [...] > >Unless you intend to define the 'default route' as the last rule in any > >chain... > > No, default route would be > > iptables -t route -A ROUTING <no further conditions> -j ROUTE --via > my-default-gw-ip > > Because traditional routing tables can have no default route, > xtables should not be forced to have one either. Routing tables can have default route. Most of the time this is the main point when using multiple routing tables: source routing via another default route. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
