Re: 2.6.12: connection tracking broken?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Jun 23, 2005 at 06:23:20AM +0000, Bart De Schuymer wrote:
> Op do, 23-06-2005 te 07:49 +1000, schreef Herbert Xu:
> > Longer term though we should obsolete the ipt_physdev module.  The
> > rationale there is that this creates a precedence that we can't
> > possibly maintain in a consistent way.  For example, we don't have
> > a target that matches by hardware MAC address.  If you wanted to
> > do that, you'd hook into the arptables interface rather than deferring
> > iptables after the creation of the hardware header.
> 
> Iptables also sees purely bridged packets and at least for these packets
> the physdev module is useful and harmless. I think removing physdev
> alltogether is a bit drastic.
> 
> I wonder what flood of messages from angry users the removal of the
> physdev functionality for routed packets will stirr.

I have to agree with Bart.  I don't know any bridging-packetfilter setup
that doesn't use ipt_physdev in FORWARD :(

-- 
- Harald Welte <[email protected]>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

Attachment: signature.asc
Description: Digital signature

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux