Evgeniy Polyakov <[EMAIL PROTECTED]> writes:

> On Mon, Oct 02, 2006 at 02:57:55PM +0200, Samir Bellabes ([EMAIL PROTECTED])
> wrote:
>> Evgeniy Polyakov <[EMAIL PROTECTED]> writes:
>>
>> > On Mon, Oct 02, 2006 at 08:11:06AM +0200, Samir Bellabes ([EMAIL
>> > PROTECTED]) wrote:
>
> You can also extend your module to be more generic and send all (or just
> requested in config) state changes for all protocols (or those checked
> in config).

Ok, so the next step now is to target all state changes for all protocols, *but* send only the states asked dynamically from the userspace, using the userspace-to-kernel's way of the netlink.
What do you think about that?

>> > Btw, you could also create netlink/connector based firewall rules
>> > update, I think people with hundreds of rules in one table will bless
>> > you after that.
>>
>> This is the real goal, using ipset - http://ipset.netfilter.org/
>> With this we can easily create a unique rule for iptables, and then
>> add/remove port from the 'set' involve.
>
> It is not the same as create and update existing rules.
> I think hipac project uses feature of fast rules update.
> It is quite major break for existing iptables, but it should be
> eventually done...

Ok now I understand clearly your point. But we are a bit far from the initial idea, even if it could be really good to do that.
First, let's code the initial idea.