Re: [ANNOUNCE] ipset 6.13 released

> I have to weigh the "great deal of inconsistency and inconvenience" caused to you against breaking firewall setups out there. I really appreciate your comments, but in this case you should adapt.

You are in no position to tell me what I should be doing. As for the "breaking firewall setups" bit - see my previous comments.

Also, there is a flip-side to that particular coin - by keeping buggy netfilter/kernel code, I'd argue that this is more likely to "break firewall setups" as you put it - by keeping this, wrongful, setup and the whole notion that for incoming IP addresses, subnets, ports and everything else one should use "dst" designation, but for incoming interfaces I should use "src" instead. I mean, really, get a grip of yourself!

> Do you think all admins constantly read all changelogs, mailing lists about all the software they use to catch backward incompatible changes?

They do, if they're worth their salt.

> You are aware of the "inconvenience", and you could adapt yourself to it anytime.

Why should I, as a network admin, have to adapt to this buggy code just because you just can't see what's in front of your face?

> I'm responsible for every user, for those who never read these mailing lists as well.

So, is ignorance an excuse nowadays? I never expected to read that from a Netfilter developer, but there is a first time for everything I suppose.

> Feel free to involve anyone.

It is the only way I see forward as, evidently, "debating" this with you is completely and utterly pointless - you are like a broken record, repeating the same over and over and over again like an automaton.

> You argue that the meaning of src/dst for the interface part is counter-intuitive and therefore must be reversed - regardless of the backward compatibility issue and the possible breaking of existing setups.

Where did I state, or even hint that it is "counter-intuitive"? That's right, I didn't. Because it is not "counter-intuitive", it is, at best, wrong and inconsistent, at worst - buggy and downright misleading! Can you read, Jozsef?
