On Thursday 2012-12-13 16:16, Pablo Neira Ayuso wrote:

>On Thu, Dec 13, 2012 at 03:53:45PM +0100, Jan Engelhardt wrote:
>[...]
>> In my opinion, there is nothing wrong with keeping some concepts. A
>> developer is not required to reevaluate and reinnovate every concept
>> there has been just for the heck of it. (The old "evolution, not
>> revolution" credo.) Throwing everything overboard generally does not
>> turn out to work these days.
>
>Nobody is going to throw everything overboard. Nftables is backward
>compatible while providing a new framework[,]

That sounds just like xt2. Compatibility exists such that there is a
defined mapping from xt1->xt2 rules (at one point I did write a
setsockopt translator in the past...); the userspace tool mimics
iptables in syntax, though I have allowed myself to not have certain
options in the CLI tool.

New framework, same thing, I guess. xt_core is independent of
xt_nfnetlink and I do not see any hurdle in introducing new concepts if
so desired.

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html