On 12-12-18 08:58 AM, Jan Engelhardt wrote:
Chains can store multiple targets, so no loss.
Nice.
1. table
First, I think some targets need to relax their restrictions, such as
with xt_DSCP.
Saw your other patch to get rid of mangle hardcoding.
Then, only a handful of extensions remain: CT, <all NATs>,
TPROXY and REJECT. Would anyone want to call these from act_ipt?
I doubt it. :)
Tempted to say tproxy.
2. hooks
Extensions with hook limit: <NAT>, TPROXY, REJECT, CLASSIFY.
Again, I don't quite see the value of attempting to NAT from act_ipt.
CLASSIFY {c|sh?}ould be relaxed, unless I am missing something.
I could live with that. It would be an improvement over whats there
today. I would prefer however for this to be an improvement over
act_xt.c i posted as opposed to have even more interfaces for xt.
We've suffered enough already ;-> i.e add your patches on top.
cheers,
jamal
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
