[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Re: POM Xtables???
From:       Brent Clark <brentgclarklist () gmail ! com>
Date:       2008-08-19 11:35:01
Message-ID: 48AAAFE5.10201 () gmail ! com
[Download RAW message or body]

James King wrote:
> ipp2p and l7filter both use different strategies for DPI
> classification, each having their own pros and cons.
You know most people, groups etc look for the next best thing. Take a 
look at Firefox and apple ( *pod), they continuously announcing whats 
hip and new, what they doing etc, and looking at ways to keep a captive 
audience.

My question is what netfilters next best thing?

Having used and using Xtables, I thinking it FSCKING brilliant (excuse 
slander, hope I did not offend, but there was not other way to explain). 
I dont have to struggle and my turn around time is minutes.
I continuously thank Jan for the work his doing.

I suggest forget POM. its old and the process is slow and laborious (and 
thats hoping you can get it compiled in the kernel).

Getting back to iptables.

Its great to see others stepping forward and wanting to implement a 
Layer 7 filtering, and I say go for it and work on it, but in the mean 
time and to the netfilter team, my question is, how long will that take 
till its able to get off the ground to too hope that it gets accepted by 
the teams (netfilter and kernel).

To be constructive, and looking for a solid way forward (even if 
interim), would it not be better to implement l7 in xtables or better 
iptables.
Yes the L7 code may suck now or incorrectly thoughtout, but getting it 
working will help people. People understand that its not perfect or bug 
less, the fact they have option and it being worked on, helps.

Im of the opinion that Netfilter really needs to look and think out the 
box and realize ppl want *now*, troubleless (less not free), shiny and 
new (this goes hand in hand with promoting, marketing etc).
Google for pf vs iptables, and you will find a plethora of links 
promoting either / or. Netfilter needs that "shiny" that will set it 
apart from the rest that will and have the bells and whistles.

My aim it to not offend anyone, but let the powers that be know, that 
there is a demand for more. Ill probably get flamed, but I hope this 
email gets taken in the light of constructive criticism and for the 
greater of the user community that like quick install, all in one solution.

Kind Regards
Brent Clark

P.s. James, I hope you get your solution off the ground  and working.







--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]