On Fri, Sep 19, 2014 at 11:49:02AM +0200, Arturo Borrero Gonzalez wrote:
> Hi,
>
> the -nnn switch in nftables is IMO a bit annoying.
> We are bound to use that switch in every serious usage of nft.
>
> Let me remember the current behaviour:
>
> -n -> don't translate IP addresses to names.
> -nn -> also, don't translate gids/uids to names.
> -nnn -> also, don't translate port numbers to names.
> default -> translate all numbers to names.
>
> I propose here that before nftables goes absolutely mainstream we
> change the behaviour to the opposite:
>
> -n -> translate IP addresses to names.
> -nn -> translate gids/uids to names.
> -nnn -> translate port numbers to names.
> default -> show all numerically.
>
> What do you think?

That seems quite counterintuitive. I'd say the default should be not to
cause any network traffic for a regular system (not using LDAP or
whatever), which would be -n. So I would be fine with -n being the default
and adding an option to also translate hostnames.