Re: Group consensus sought on nf_conntrack_sip behavior

Greg Alexander wrote:
> Is there anyone else on this mailing list who cares to chime in?
> 
> I believe it is more important to conform to standards and common
> practice, especially since they are the same in this case and present no
> undue burden or risk.
> 
> Patrick McHardy seems to believe it is more important to enforce a rule
> of thumb prohibiting wildcard expectations.
> 
> We each have precedent in other NAT helpers to support our position.

Well, I'll add one final point. You mentioned the IRC helper
as precedent, without referring to anything concrete. You're
mistaken though, the destination address is fixed. But I see
where your misunderstanding might come from.

What the SIP helper does is allow expectations between *arbitrary*
hosts when the direct_media option is off - the destination address
originates from the SDP payload, the source address is a wildcard.

> Any other opinions?  Linux is a group effort.
> 
> I'm not used to playing politics just to get a Linux project to adhere to
> a standard, but here we are.  If I do not receive a satisfactory response
> here, I will petition the non-development netfilter user list.  Should
> that fail I will attempt to induce the vast masses of users who are
> inconvenienced by this misfeature to write to various netfilter project
> mailing lists.  Nip this in the bud, explain to me how sip_direct_media
> poses an actual security risk worth breaking SIP NAT for most users over.
> 
> This issue will not go away for the userbase until the default is
> changed.  The status quo in which the users are ignored is over.
> 
> Thanks,

Have fun.
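
A simplified model of the expectation matching discussed in the reply above, added here as an example and not taken from the thread or from the kernel source. The struct, function names and addresses are constructed for illustration, and it assumes that with direct_media on the expectation source is pinned to the other signalling endpoint.

```c
#include <stdbool.h>
#include <stdint.h>

/* Simplified model of a conntrack expectation (not the kernel struct). */
struct expect {
    uint32_t src, src_mask;   /* src_mask == 0 means "any source" */
    uint32_t dst;             /* media address taken from the SDP body */
    uint16_t dport;           /* media port taken from the SDP body */
};

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

/* Build the expectation a helper would register for one SDP media line.
 * direct_media on:  source pinned to the signalling peer (assumption).
 * direct_media off: source left as a wildcard, as the message describes. */
struct expect make_expect(bool direct_media, uint32_t sig_peer,
                          uint32_t sdp_addr, uint16_t sdp_port)
{
    struct expect e = { 0, 0, sdp_addr, sdp_port };
    if (direct_media) {
        e.src = sig_peer;
        e.src_mask = 0xffffffffu;
    }
    return e;
}

/* Would a new packet match the expectation and be treated as RELATED? */
bool expect_matches(const struct expect *e, uint32_t src, uint32_t dst,
                    uint16_t dport)
{
    return ((src & e->src_mask) == (e->src & e->src_mask)) &&
           dst == e->dst && dport == e->dport;
}

/* Constructed scenario using documentation address ranges:
 * signalling peer 198.51.100.10, SDP media target 192.0.2.20:16384. */
bool admits(bool direct_media, uint32_t pkt_src)
{
    struct expect e = make_expect(direct_media, IP(198, 51, 100, 10),
                                  IP(192, 0, 2, 20), 16384);
    return expect_matches(&e, pkt_src, IP(192, 0, 2, 20), 16384);
}
```

In this model the wildcard expectation matches media from any source toward the SDP-supplied address and port, while the pinned one matches only the signalling peer.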