Re: POM Xtables???

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

James King wrote:

ipp2p and l7filter both use different strategies for DPI
classification, each having their own pros and cons.
You know most people, groups etc look for the next best thing. Take a look at Firefox and apple ( *pod), they continuously announcing whats hip and new, what they doing etc, and looking at ways to keep a captive audience. 

My question is what netfilters next best thing?
Having used and using Xtables, I thinking it FSCKING brilliant (excuse slander, hope I did not offend, but there was not other way to explain). I dont have to struggle and my turn around time is minutes. 
I continuously thank Jan for the work his doing.
I suggest forget POM. its old and the process is slow and laborious (and thats hoping you can get it compiled in the kernel). 

Getting back to iptables.
Its great to see others stepping forward and wanting to implement a Layer 7 filtering, and I say go for it and work on it, but in the mean time and to the netfilter team, my question is, how long will that take till its able to get off the ground to too hope that it gets accepted by the teams (netfilter and kernel).
To be constructive, and looking for a solid way forward (even if interim), would it not be better to implement l7 in xtables or better iptables. Yes the L7 code may suck now or incorrectly thoughtout, but getting it working will help people. People understand that its not perfect or bug less, the fact they have option and it being worked on, helps.
Im of the opinion that Netfilter really needs to look and think out the box and realize ppl want *now*, troubleless (less not free), shiny and new (this goes hand in hand with promoting, marketing etc). Google for pf vs iptables, and you will find a plethora of links promoting either / or. Netfilter needs that "shiny" that will set it apart from the rest that will and have the bells and whistles.
My aim it to not offend anyone, but let the powers that be know, that there is a demand for more. Ill probably get flamed, but I hope this email gets taken in the light of constructive criticism and for the greater of the user community that like quick install, all in one solution. 

Kind Regards
Brent Clark

P.s. James, I hope you get your solution off the ground  and working.







--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux