I use it a lot via 'cat' and Shorewall (via 'shorewall show
connections'). I use it for one particular reason - to track
SELinux contexts (text, NOT numbers!) on active connections. So, am
I going to see the SELinux context for each connection in text
without the need to use conntrack-utils or not (simple 'yes' or
'no' answer will do)?
That's like saying we need /proc/self/df just so that we can know the
fill state of disks without resorting to a userspace tool (oooh~ god forbid!).
What is that supposed to mean? Are you suggesting that for the dubious
privilege of seeing secmark=<selctx> - the way it should have been
developed in the first place - as opposed to secmark=XXX as was the case
up until now, I have to install your set of tools? I don't think so!