Re: Bug? iptables-save dumps resolved uids/gids for owner matches

Jan Engelhardt <jengelh@xxxxxxxxxx> writes:

> On Monday 2010-12-06 13:26, Ferenc Wagner wrote:
>
>>>> I opened http://bugzilla.netfilter.org/show_bug.cgi?id=683
>>>
>>> This was done on purpose by me, because username resolution usually does 
>>> not take ages like DNS, and user ids can actually change if you copy a 
>>> ruleset to another machine (this is much more unlikely to be the case 
>>> with DNS).
>>
>> This is indeed true if you only use a local passwd and group database.
>
> (Is your LDAP _that_ slow?)

It's dog slow until the network is brought up...  But maybe there's some
misunderstanding here.  My problem isn't slowness, it's the fundamental
impossibility of resolving the user names to numbers before the network
is up.  And that's the very time to install firewall rules, isn't it?

> The change is now in git://dev.medozas.de/iptables .

How cool!  So you decided to change the default behaviour after all!
-- 
Thanks a lot!
Feri.
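
An added example, not part of the original message or of the iptables project: a check that scans a rules file in iptables-save format and flags owner matches whose uid/gid is written as a name, since those are the rules that need a passwd/group lookup when the file is loaded before the network is up. The function name `find_named_owners` and the sample ruleset are constructed for illustration.

```python
import re
import shlex

# A numeric id or id range, e.g. "1000" or "2000-2999"; anything else is a name.
NUMERIC = re.compile(r"[0-9]+(-[0-9]+)?")
OWNER_OPTS = {"--uid-owner", "--gid-owner"}

def find_named_owners(ruleset_text):
    """Return (line_no, table, option, value) for every owner match whose
    value is a user/group name and so must be resolved at load time."""
    findings = []
    table = None
    for line_no, line in enumerate(ruleset_text.splitlines(), start=1):
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. "*filter"
            table = line[1:]
            continue
        if not line.startswith("-A "):    # comments, chain policies, COMMIT
            continue
        tokens = shlex.split(line)        # honours quoted --comment text
        i = 0
        while i < len(tokens) - 1:
            if tokens[i] == "--comment":  # never inspect free-form comment text
                i += 2
                continue
            value = tokens[i + 1]
            if tokens[i] in OWNER_OPTS and not NUMERIC.fullmatch(value):
                findings.append((line_no, table, tokens[i], value))
            i += 1
    return findings

# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE = """\
# constructed sample
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner 1000 -j ACCEPT
-A OUTPUT -m owner --uid-owner ldapuser -j DROP
-A OUTPUT -m owner ! --gid-owner 2000-2999 -j REJECT
-A OUTPUT -m owner --gid-owner staff -m comment --comment "--uid-owner demo" -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    for line_no, table, opt, value in find_named_owners(SAMPLE):
        print(f"line {line_no} ({table}): {opt} {value} needs a name lookup")
```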