James King wrote:
ipp2p and l7filter both use different strategies for DPI
classification, each having their own pros and cons.
You know most people, groups etc. look for the next best thing. Take a
look at Firefox and Apple (*pod); they are continuously announcing what's
hip and new, what they're doing etc., and looking at ways to keep a captive
audience.
My question is: what is netfilter's next best thing?
Having used and still using Xtables, I think it's FSCKING brilliant (excuse
the slander, hope I did not offend, but there was no other way to explain).
I don't have to struggle and my turnaround time is minutes.
I continuously thank Jan for the work he's doing.
I suggest forgetting POM. It's old and the process is slow and laborious (and
that's hoping you can get it compiled in the kernel).
Getting back to iptables.
It's great to see others stepping forward and wanting to implement
Layer 7 filtering, and I say go for it and work on it, but in the
meantime, and to the netfilter team, my question is: how long will that take
till it's able to get off the ground, and to hope that it gets accepted by
the teams (netfilter and kernel)?
To be constructive, and looking for a solid way forward (even if
interim), would it not be better to implement l7 in xtables or, better,
iptables?
Yes, the L7 code may suck now or be incorrectly thought out, but getting it
working will help people. People understand that it's not perfect or
bug-less; the fact that they have the option, and that it is being worked on, helps.
I'm of the opinion that Netfilter really needs to look and think outside the
box and realize people want *now*, troubleless (less, not free), shiny and
new (this goes hand in hand with promoting, marketing etc.).
Google for pf vs iptables, and you will find a plethora of links
promoting either / or. Netfilter needs that "shiny" that will set it
apart from the rest that will and have the bells and whistles.
My aim is not to offend anyone, but to let the powers that be know that
there is a demand for more. I'll probably get flamed, but I hope this
email gets taken in the light of constructive criticism and for the
greater good of the user community that likes a quick-install, all-in-one solution.
Kind Regards
Brent Clark
P.S. James, I hope you get your solution off the ground and working.