On Thu, Oct 05, 2006 at 03:10:02AM +0200, Samir Bellabes ([EMAIL PROTECTED]) wrote:
> > You can also extend your module to be more generic and send all (or just
> > requested in config) state changes for all protocols (or those checked
> > in config).
>
> Ok, so the next step now is to target all state changes for all
> protocols, *but* send only the states asked dynamically from the
> userspace, using the userspace-to-kernel's way of the netlink.
> What do you think about that?

That sounds good, but as David mentioned, if there are other good
possibilities to do so, there is no need to reinvent a new one (although
sometimes it is much better to reinvent the wheel, if the existing one is
square).

> >> > Btw, you could also create netlink/connector based firewall rules
> >> > update, I think people with hundreds of rules in one table will bless
> >> > you after that.
> >>
> >> This is the real goal, using ipset - http://ipset.netfilter.org/
> >> With this we can easily create a unique rule for iptables, and then
> >> add/remove port from the 'set' involved.
> >
> > It is not the same as create and update existing rules.
> > I think hipac project uses feature of fast rules update.
> > It is quite a major break for existing iptables, but it should be
> > eventually done...
>
> Ok now I understand clearly your point.
> But we are a bit far from the initial idea, even if it could be really
> good to do that. First, let's code the initial idea.

Agree.

-- 
	Evgeniy Polyakov