Jan Engelhardt wrote:
> On Wednesday 2010-03-17 14:56, Patrick McHardy wrote:
>
>> Jan Engelhardt wrote:
>>> The SYSRQ target will allow to remotely invoke sysrq on the local
>>> machine. Authentication is by means of a pre-shared key that can
>>> either be transmitted plaintext or digest-secured.
>> Let's deal with the other modules first while I make up my mind.
>
> John Haxby wanted to see xt_SYSRQ mainlined[1]
> [1] http://comments.gmane.org/gmane.comp.security.firewalls.netfilter.devel/32706
>
>
> xt_condition's submission was triggered by reappearing souls on IRC (you
> might want to visit that sometimes ;-)
> 16.03.2010/20:27 < mancha> "no web access" is a nice toggle to have as
> are others
> I personally use it too; somehow I find (when leaving the house)
> echo 1 >/proc/net/nf_condition/allow_from_university
> more integrated than having to keep two iptables-restore rulesets in
> sync.

Yes, I know it's used by quite a few people, so it makes sense to
merge it.

> xt_TEE is something network people really seem to love[2,3] for logging.
> [2] http://www.bjou.de/blog/2008/05/howto-copyteeclone-network-traffic-using-iptables/
> [3] http://www-rocq.inria.fr/imara/dw/users/oliviermehani/2008phd/rtmapsplatform

Also agreed on TEE, we just need to get rid of the duplicated
output function. It shouldn't be *that* hard, worst case we need
to add some further restrictions on the possible hooks.