On Wed, Jul 02, 2014 at 10:43:23PM +0200, Florian Westphal wrote: > Quentin Headen <qheaden@xxxxxxxxxxxxxxxxxxxxxx> wrote: > > Florian Westphal <fw@xxxxxxxxx> wrote: > > > nftables is currently under active development; f.e. you could > > > add one of the missing iptables extensions such as hashlimit > > > or nfacct. > > > > Working on hashlimit for nftables sounds interesting. > > Its not very beginner-friendly though. > nfacct *might* be a bit simpler. I think this proposal was a good idea, but just to avoid overlap. Arturo already started some hacking on that. We're still discussing the integration with the new nftables transaction infrastructure, the idea is to add native nf_tables commands to add/delete/dump accounting objects, but that would add dependencies between nfnetlink_acct and nf_tables, which is something that should only happen on demand. > Maybe someone else has a better idea. Working on userspace seems like a better option for a newbie, I'd suggest. So I would point to detecting bugs in nft, file them into netfilter's bugzilla and trying to fix them. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
