On Thursday 2012-12-13 18:25, Pablo Neira Ayuso wrote:
>> >> turn out to work these days.
>> >
>> >Nobody is going to throw everything overboard. Nftables is backward
>> >compatible while providing a new framework[,]
>>
>> That sounds just like xt2. Compatibility exists such that there is a
>> defined mapping from xt1->xt2 rules (at one point I did write a
>> setsockopt translator in the past...); the userspace tool mimics
>> iptables in syntax, though I have allowed myself to not have certain
>> options in the CLI tool.
>
>We provided that compatibility layer that mimics iptables in Oct 2012
>[1]. However, it seems you preferred to code it your way from almost
>scratch, that's confusing.

That's just not true; I did post before on the xt2 matter as well, in
its various stages.

xtables2_a8: http://marc.info/?l=netfilter-devel&m=132699055220975&w=2
xtables2_a7: https://lwn.net/Articles/426896/
https://lwn.net/Articles/417619/

There is even older experimenting stuff in my git repo, which you can
look at. (The dates are not forged - you will have to trust me on that.)

Each of us is (understandably) biased, as each has contributed to
"their" implementation. But, you also have the decisive power as the
Linux kernel Netfilter subsystem maintainer, and I fear that you might
use this to reject xt2 to force nft. That thought _terrifies_ me, and
were it so, it would not be an environment I want to work in. Just say
so if I am to GTFO.