Jan Engelhardt <jengelh@xxxxxxxxxx> writes:

> On Monday 2010-12-06 13:26, Ferenc Wagner wrote:
>
>>>> I opened http://bugzilla.netfilter.org/show_bug.cgi?id=683
>>>
>>> This was done on purpose by me, because username resolution usually does
>>> not take ages like DNS, and user ids can actually change if you copy a
>>> ruleset to another machine (this is much more unlikely to be the case
>>> with DNS).
>>
>> This is indeed true if you only use a local passwd and group database.
>
> (Is your LDAP _that_ slow?)

It's dog slow until the network is brought up... But maybe there's some
misunderstanding here. My problem isn't slowness, it's the fundamental
impossibility of resolving the user names to numbers before the network
is up. And that's the very time to install firewall rules, isn't it?

> The change is now in git://dev.medozas.de/iptables .

How cool! So you decided to change the default behaviour after all!
--
Thanks a lot!
Feri.