On 10.04, Pablo Neira Ayuso wrote: > On Fri, Apr 10, 2015 at 01:11:52AM +0100, Patrick McHardy wrote: > > On 10.04, Pablo Neira Ayuso wrote: > > > > And actually if you consider what the majority of users are, its people > > > > using distro provided firewalls, the translation layer will actually > > > > get us the huge majority of users. > > > > > > > > People who actively want to switch won't mind changing their ruleset, > > > > so they might as well tell us if some feature is missing and we can > > > > then discuss how to implement it in nftables. > > > > > > They will tell us what they need, then they will sit down waiting > > > until distributors start packaging the new feature, which means > > > another wait of ~2 years. Most people rely on Linux distributions, not > > > bleeding edge kernels. You know how behind people can remain from > > > mainstream to feel -stable. > > > > Some distributions are *a lot* faster than that. I don't buy that > > argument, this is how development has always worked, people state > > what they need, it gets done. > > Even most skilled sysadmin that I know tend to stick to conservative > distributions to relieve their workload, specially when they have to > maintain hundred, thousands of systems. > > Propagation timing of nftables to production will take quite some time > and will have to coexist with iptables for long time. > > Fact is that we won't be able to get rid of iptables for years. Nobody doubts that. You still have to consider the consequences, and they are not pretty. Lets stick to the other thread to avoid repeating ourselves. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
