Henning Brauer escreveu: > * Giancarlo Razzolini <[EMAIL PROTECTED]> [2008-03-03 14:35]: >> Tags are only visible while in the kernel. Once you send them to a >> application, unless it has the ability to set a tag, the tag will be >> lost. The ftp-proxy(8) AFAICR, since 4.1 has the ability to set a tag on >> the packet. It would be nice if more userland applications like sshd, >> spamd, hoststated, etc, could set tags too. > > actually, it is not ftp-proxy that sets tags. ftp-proxy dynamically > inserts rules and makes THEM tag the packets. that concept doesn't > translate all that well to the other usage cases you mention. > And, as the packets passes by the rules that ftp-proxy inserted, they can be filtered on using the tag inserted with ftp-proxy. But it would be really nice to have other applications being able to "see" tags and set them too in the packets passing through them. But i don't see it much as a limitation. I do use the user keyword or other means to filter based on the application. Also, a very good thing is the ability to use the authpf. I also think that the new chroot functionally off ssh that is shipping with open 4.3, will help on doing this.
My regards, -- Giancarlo Razzolini Linux User 172199 Red Hat Certified Engineer no:804006389722501 Moleque Sem Conteudo Numero #002 Slackware Current OpenBSD Stable Ubuntu 7.04 Feisty Fawn Snike Tecnologia em Informatica 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85 [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
