On Thu, Dec 13, 2012 at 05:41:28PM +0100, Jan Engelhardt wrote: > On Thursday 2012-12-13 16:16, Pablo Neira Ayuso wrote: > > >On Thu, Dec 13, 2012 at 03:53:45PM +0100, Jan Engelhardt wrote: > >[...] > >> In my opinion, there is nothing wrong with keeping some concepts. A > >> developer is not required to reevaluate and reinnovate every concept > >> there has been just for the heck of it. (The old "evolution, not > >> revolution" credo.) Throwing everything overboard generally does not > >> turn out to work these days. > > > >Nobody is going to throw everything overboard. Nftables is backward > >compatible while providing a new framework[,] > > That sounds just like xt2. Compatibility exists such that there is a > defined mapping from xt1->xt2 rules (at one point I did write a > setsockopt translator in the past...); the userspace tool mimics > iptables in syntax, though I have allowed myself to not have certain > options in the CLI tool. We provided that compatibility layer that mimics iptables in Oct 2012 [1]. However, it seems you prefered to code it your way from almost scratch, that's confusing. > New framework, same thing, I guess. xt_core is independent of > xt_nfnetlink and I do not see any hurdle in introducing new concepts > if so desired. We have already new concepts in nftables, have a look at it. Please, I think this conversation just started spinning and the same arguments are showing up over and over again, it's time to stop this. [1] http://www.spinics.net/lists/netfilter-devel/msg23831.html -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
