In other words, to be able to
customise, say, certain IP addresses/subnets, certain ethernet
interfaces etc, and then used anywhere in stack statements - NFCT, NFLOG
and so on.
If this universal filter is an excellent idea, it will suffer from some
performance issue. The NFCT filter I'm currently implementing does the
filtering inside the kernel which is really efficient. For NFLOG, kernel
filtering can be done via iptables.
Yeah, sorry, I've got carried away a bit there. :-)
Of course, with NFLOG things are much more easier.
If I am able to place a "custom" filter with different "filter" values
in each separate stack, redirecting input to different places, then I
would be able to track down what I want quite easily.
You should be able to do a per-network filtering with my current work. I
should have a patch ready today.
Looking forward to it.
In the coming days I'll look at the PGSQL
implementation code to see whether SSL connection to the database server
is a possibility with this plug in - it will be another good security
feature if that is possible to be implemented.
Fine!
I managed to get some preliminary code working yesterday and later today
when I get home I'll get the chance to test it with the real plug in to
see whether SSL works. If it does, I'll propose some changes to include
SSL capability to the PGSQL plugin.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
