Hi Phil,

On Tue, Aug 01, 2006 at 11:46:55AM -0700, Phil Oester told us:
> Since in this scenario userspace is able to determine ppp vs pptp,
> could you not also do something like have an inbound_ppp and inbound_pptp
> chain, then jump to the appropriate chain depending on type?  If you
> need per-interface rules, then create an inbound_pppX chain, populate
> it with rules, then jump to that chain if -i pppX.  In ip-down, just
> delete the chain as well as the jump.
if I understood Balazs correctly, one of the things he wanted to avoid is
addition/deletion of iptables rules on every pppX interface up/down, as this
would require the complete chain (say, INPUT or OUTPUT) to be "downloaded" to
userspace, modified and then again "uploaded" to the kernel. At least until
the iptables redesign to allow replacement/insertion/deletion of single rules
is completed, which, if started at all, will take quite some more time :-)

Sven

> Phil

-- 
Linux zion.homelinux.com 2.6.17-rc5-mm1_35 #35 Tue May 30 14:11:06 CEST 2006 i686 athlon i386 GNU/Linux
21:13:05 up 19:46, 2 users, load average: 0.22, 0.28, 0.27
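To make the chain layout Phil sketches concrete, here is an added example of an ip-up/ip-down helper; it is not code from this thread or from the netfilter project. It assumes pppd hands the script the interface name and a link type ("ppp" or "pptp", the two names the thread uses), for instance via ipparam, and that `IPT` names the iptables binary (set `IPT=echo` to dry-run and see the exact commands). The details a practitioner cares about: only a single jump rule ever touches INPUT, everything interface-specific lives in its own chain, and the ip-down teardown runs in the one order iptables accepts (delete the jump, flush, then delete the chain), since `-X` refuses a chain that is still referenced or non-empty.

```shell
#!/bin/sh
# Added example, not code from Sven, Phil or netfilter: ip-up/ip-down helper
# implementing per-type chains (inbound_ppp, inbound_pptp) plus one
# per-interface chain (inbound_pppX) with a single jump from INPUT.
# Assumption: pppd supplies IFACE and a link type of "ppp" or "pptp".
IPT="${IPT:-iptables}"    # set IPT=echo to dry-run

# Per-interface chain name, e.g. inbound_ppp0. Chain names are limited to
# 28 characters, so keep the prefix short.
iface_chain() {
    printf 'inbound_%s\n' "$1"
}

# Create the two per-type chains once. -N fails when the chain already
# exists, so this is safe to call from every ip-up.
setup_static_chains() {
    for c in inbound_ppp inbound_pptp; do
        $IPT -N "$c" 2>/dev/null || true
    done
}

# ip-up: build inbound_<iface>, fill it, then add ONE jump from INPUT.
# Only the jump touches INPUT; per-interface rules live in their own chain.
ppp_up() {
    iface=$1
    type=$2
    case "$type" in
        ppp|pptp) ;;
        *) echo "ppp_up: unknown link type '$type'" >&2; return 1 ;;
    esac
    chain=$(iface_chain "$iface")
    $IPT -N "$chain" 2>/dev/null || true
    $IPT -F "$chain"                    # start clean if a stale chain survived
    # Interface-specific rules go here (assumed example: let the peer ping us).
    $IPT -A "$chain" -p icmp --icmp-type echo-request -j ACCEPT
    # Everything else falls through to the per-type chain.
    $IPT -A "$chain" -j "inbound_$type"
    # Insert at the top of INPUT so the per-interface policy is seen first.
    $IPT -I INPUT 1 -i "$iface" -j "$chain"
}

# ip-down: order matters. iptables refuses -X on a chain that is still
# referenced or non-empty, so drop the jump, flush, then delete.
ppp_down() {
    iface=$1
    chain=$(iface_chain "$iface")
    $IPT -D INPUT -i "$iface" -j "$chain"
    $IPT -F "$chain"
    $IPT -X "$chain"
}

# Usage: ipt-ppp.sh up IFACE ppp|pptp    or    ipt-ppp.sh down IFACE
case "${1:-}" in
    up)   setup_static_chains; ppp_up "$2" "${3:-ppp}" ;;
    down) ppp_down "$2" ;;
esac
```

This keeps the rule churn in INPUT down to one insert and one delete per link, which is what Phil's scheme buys you. It does not address Sven's underlying point: classic iptables userspace still fetches, modifies and replaces the whole table for each of those commands, so the per-interface chains only shrink how often that happens, not whether it happens.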