On Thursday 2010-03-25 11:26, Patrick McHardy wrote:
>>> Yes, a kernel message sounds fine and less annoying than an
>>> iptables message since we can limit it to print only once.
>>>
>>> I'm not really convinced of removing state though, it has never
>>> caused any maintenance overhead, it requires a lot less memory
>>> than xt_conntrack

And yet, you proposed removing xt_NOTRACK in favor of xt_CT where
the same argument about memory tradeoff would hold.

>>> and it seems more intuitive to write "-m state"
>>> than "-m conntrack --ctstate" to me.
>>
>> I oppose the removal of xt_state, *unless* the userspace "-m state" is
>> kept working and the conntrack module automatically supports it.
>
>Yes, that would be acceptable.
>
>> It's such a basic match that it's simply overkill to remove it.
>
>Agreed.

So what now? Should xt_conntrack be perhaps rebranded as a new
xt_state rev and let's obsolete xt_conntrack.c instead?