[PATCH] NETFILTER: add support for invert condition (!) in
ipt_limit
Sven Schuster
schuster.sven at gmx.de
Tue Oct 18 11:19:10 CEST 2005
Hi Henrik,
On Tue, Oct 18, 2005 at 10:33:18AM +0200, Henrik Nordstrom told us:
> Mainly because the way iptables is designed makes it extremely hard to
> extend the core with new attributes without breaking compatibility with
> userspace (which is not allowed), while doing it in the matches is very
> simple even if it leads to duplicated code.
yes that's what I guessed that it can't be done now due to
userspace compatibility issues. But apart from that, it would have
been a better solution if it had been implemented in the core from "day
1" on, wouldn't it??
Thanks,
Sven
> Regards
> Henrik
>
--
Linux zion.homelinux.com 2.6.14-rc4-mm1_10 #10 Mon Oct 17 10:47:30 CEST 2005 i686 athlon i386 GNU/Linux
11:16:33 up 14:47, 1 user, load average: 4.79, 4.26, 2.56
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/netfilter-devel/attachments/20051018/26e759b8/attachment.pgp
More information about the netfilter-devel
mailing list