> 1) In the last Netfilter workshop, we decided that we're targeting
> towards explicit helper configuration via iptables, i.e. something
> like:
>
> ip6tables -I OUTPUT -t raw -s $SRC -d $DST \
>     -p udp --dport 547 -j CT --helper dhcpv6
>
> According to your report, this is exactly what distributors don't
> want to do.

Interesting. Well, my impression is that distributions don't want to add rules, but if they can't avoid it, they'll just have to cope. Is this changeover coming in the immediate future?

> 2) The helper infrastructure is allowing us to filter broadcast
> traffic but I think that it's been designed for a different purpose.
> I know, we don't have any better by now. But in the meanwhile, we're
> adding specific helpers to support each broadcast protocol.

Agreed, while I think for now this helper is fine, I think it'd be nice to have a more generic multicast/broadcast helper, although it'd still need to have specific protocols baked into it to work (maybe netbios, dhcpv6, mDNS, LLMNR, SSDP, neighbour discovery, other things).