[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 18 Mar 2009 09:21:26 +0100
From: Patrick McHardy <kaber@...sh.net>
To: Jan Engelhardt <jengelh@...ozas.de>
CC: Netfilter Development Mailinglist
<netfilter-devel@...r.kernel.org>,
Linux Netdev List <netdev@...r.kernel.org>, tgraf@...g.ch
Subject: Re: [ANNOUNCE]: First release of nftables
Jan Engelhardt wrote:
> On Wednesday 2009-03-18 05:29, Patrick McHardy wrote:
>
>> - logging: logging using the nf_log mechsism using the primary backend.
>>
>> Usage: "log [ prefix "prefix" ] [ group NUM ] [ snaplen NUM ]
>> [ queue-threshold NUM ]
>>
>
> Hm, how does one do traditional logging to syslog? Some of us just do
> logging for debugging purposes and would not otherwise need the full-blown
> nf_log solution - let alone there be enough space on some constrained
> hardware for a thorough logger (say, WRT54).
>
Its using the primary backend. You can load "ipt_LOG".
>> - limit: might be broken currently
>>
>> Usage: "limit rate RATE/time-unit"
>>
>
> Does it use the old limit code (which has numerous accuracy problems
> it seems), or will it magically make use of the rate estimator?
>
It doesn't use either, but it won't have the old accuracy problems
either once
its fixed.
>> git://git.netfilter.org/nftables.git
>>
>
> Missing a tag too, I think you (Patrick) can add it still :)
>
I'll tag it at the first version bump.
>> The kernel tree will eventually also move to netfilter.org, currently
>> the git daemon is unable to handle it because of memory shortage.
>>
>> Ths source code is considered alpha quality and is not meant for users
>> at this time, it will spew quite a lot of debugging messages and
>> definitely has bugs. Nevertheless, all of the basic features and most
>> of the rest should work fine, the last crash has been several months
>> ago. The two most noticable things that currently don't work is
>> numerical argument parsing for arguments that have more specific types
>> (f.i. port numbers), as well as reconstruction of the internal
>> representation of sets and dictionaries using ranges. Both will be
>> fixed shortly.
>>
>
> How about storing the actual text the user inputed in something like
> an -m comment, as an aid to the user for finding his rules again
> after they have been optimized internally?
Thats not really necessary so far, and I don't want to in any case. If
someone
really wants this (and I very much question the need), it can be done in
userspace.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists