Still had this in the Draft folder..
On Monday 2008-06-30 22:52, Patrick McHardy wrote:
>
> Which rest? Is the list at the end of your mail complete?
Just contains those you have not yet rejected ;-)
>> Hence I have taken up some and fixed them to be straight.
>> Patrick, what's your judgment on the existing
>> xt_{LOGMARK,TARPIT,TEE,condition,geoip,ipp2p} modules in xtables-addons?
>>
>
> - LOGMARK - haven't seen it or can't remember
Prints everything that LOG is missing, like nfmark, ctmark, secmark,
connection state, status. Quite useful when toying around with
fwmark-based policy routing.
> - TARPIT - fine if remaining issues are fixed
> - TEE - same as TARPIT
> - condition - undecided
> - geoip - seems like a toy. Whats the use case?
Matching on countries and (possibly) blocking them. People have
philosophized in the past whether (or not) it could use ipset;
right now it uses a binary search over ipranges, which is at least
a known good denominator.
> - ipp2p - last version I've seen was a *horrible* mess, unless I'm
> confusing it with the other l7 classifier module out there.
It was ugly from a codingstyle pov, which was fixed. It inspects
packets
xt_ipp2p I gave it some care and a cleanup. it also "works", that is, it
matches on bittorrent (something I could test), not all
(data) connections though, but I guess the control connections are in.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
