On 09.11, Florian Westphal wrote: > Patrick McHardy <kaber@xxxxxxxxx> wrote: > > Am 9. November 2015 19:36:06 GMT+00:00, schrieb Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>: > > >On Mon, 9 Nov 2015, Patrick McHardy wrote: > > >> The method of using notrack would of course still be possible. > > > > > >I like the idea: the notrack method would still be supported and the > > >"do > > >conntrack but with safety-net" way would be possible too. Looks cool! > > > > Thanks Jozsef. I'm thinking it's the best of both worlds myself. Implementation should be quite easy, I'll give it a try. > > I'm fine with the suggestion, but, pardon the heretic question: > > Why do we need synproxy after the recent listen lock removal from Eric? Simple answer is - its for the network, not for the host :) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
