Herbert Xu wrote:
>
> Longer term though we should obsolete the ipt_physdev module. The
> rationale there is that this creates a precedence that we can't
> possibly maintain in a consistent way. For example, we don't have
> a target that matches by hardware MAC address. If you wanted to
> do that, you'd hook into the arptables interface rather than deferring
> iptables after the creation of the hardware header.
>
> This can be done in two stages to minimise pain for people already
> using it:
>
> 1) We rewrite ipt_physdev to do the lookups necessary to get the output
> physical devices through the bridge layer. Of course this may not be
> the real output device due to changes in the environment. So this should
> be accompanied with a warning that users should switch to ebt.
>
> 2) We remove the iptables deferring since ipt_physdev will no longer need
> it.
>
> 3) After a set period (say a year or so) we remove ipt_physdev altogether.

For my local setup it is already a minor PITA that there is no tool
combining the functionality of arptables, ebtables and iptables, but
I can cope with the help of marking and ipt_physdev. If that doesn't
work reliably anymore, I'll be stuck.

Wasn't someone working on a unified framework for *tables? IIRC that
would have been pkttables, but Harald(?) said there was not much
code there yet.

Regards,
Carl-Daniel
--
http://www.hailfinger.org/