On Thursday 2012-07-12 22:35, Florian Westphal wrote:
>Jan Engelhardt <jengelh@xxxxxxx> wrote:
>> >Jan Engelhardt <jengelh@xxxxxxx> wrote:
>> >> David Miller has stated his opinion already last year, and he's
>> >> for the Netfilter variant:
>> >> http://markmail.org/message/d7kpczdbtpcxwli6
>> >
>> >We now have udp encap support also for ipv6, so this could now
>> >be solved outside of netfilter without impacting the ability to
>> >filter sysreq packets.
>>
>> How does xt_SYSRQ inhibit filtering sysrq packets?
>
>Not at all. But the last 'do it outside of netfilter' approaches
>suffered from that. With encap sockets this should no longer be a
>problem.

People like using Xtables because it's simple and they know how to
use it (or at least, the frontend). The biggest strength is that users
can _combine it with existing extensions_. All that seems impossible
with the sysrq-ping patch. (You know how they hate it when they have
to cross a "boundary" like iptables-nfmark-tc and
iptables-nfmark-iproute).