On Fri, Apr 10, 2015 at 01:36:13AM +0100, Patrick McHardy wrote:
> On 10.04, Pablo Neira Ayuso wrote:
> > On Fri, Apr 10, 2015 at 01:11:52AM +0100, Patrick McHardy wrote:
> > > On 10.04, Pablo Neira Ayuso wrote:
> > > > > And actually if you consider what the majority of users are, it's people
> > > > > using distro-provided firewalls, the translation layer will actually
> > > > > get us the huge majority of users.
> > > > >
> > > > > People who actively want to switch won't mind changing their ruleset,
> > > > > so they might as well tell us if some feature is missing and we can
> > > > > then discuss how to implement it in nftables.
> > > >
> > > > They will tell us what they need, then they will sit down waiting
> > > > until distributors start packaging the new feature, which means
> > > > another wait of ~2 years. Most people rely on Linux distributions, not
> > > > bleeding edge kernels. You know how behind people can remain from
> > > > mainstream to feel -stable.
> > >
> > > Some distributions are *a lot* faster than that. I don't buy that
> > > argument, this is how development has always worked, people state
> > > what they need, it gets done.
> >
> > Even the most skilled sysadmins that I know tend to stick to conservative
> > distributions to relieve their workload, especially when they have to
> > maintain hundreds, thousands of systems.
> >
> > Propagation timing of nftables to production will take quite some time
> > and will have to coexist with iptables for a long time.
> >
> > Fact is that we won't be able to get rid of iptables for years.
>
> Nobody doubts that. You still have to consider the consequences, and
> they are not pretty. Let's stick to the other thread to avoid repeating
> ourselves.

I'm stopping here, Patrick, enough work and discussion for today.