--On 2 July 2012 09:54:20 +0200 Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> wrote:
> - my view follows how the subsystem sees the interfaces
>
>                            -------------------
> pkt comes in --- interface | ipset subsystem | interface --- pkt goes out
>                      ^     -------------------     ^
>                    source                     destination

I have no comment on the back compatibility issue, but from a clean sheet these interfaces should probably be called "ingress" and "egress" interfaces (or, if you must, 'input' and 'output', but those are ripe for confusion with iptables rules). If those aren't the terms in the RFCs, they are certainly terms of art commonly used by router vendors.

From my point of view, the current nomenclature is better than reversing them (as I think is being proposed), but they are confusing in the case of forwarded traffic where neither interface might be the 'source' or 'destination' in an IP sense. Swapping them would cause more confusion.

--
Alex Bligh