[ANNOUNCE] New Core Team and Future Plans

Paul Rusty Russell Paul.Russell@linuxcare.com.au
Tue, 23 Nov 1999 17:18:48 +1100


Hi all,

	Marc Boucher (Montreal, Canada) is now a member of the netfilter
core team.  This means he can commit to the CVS tree, make releases, make
official-sounding netfilter-ish announcements, etc.  The core will be run
without any rules but common sense, death for treason, and freedom to leave
at any time.  To get on the core team, simply make us sick of applying your
patches.

	Visited Marc last weekend to discuss packet selection design
in depth.  As might be expected, the result is that we are going to
make some changes for 1.0, in our desire to incorporate more random
stuff.

	The selection mechanism used by iptables will now be used for NAT
as well.  This implies that there will be two chains (source and dest, say),
and that user-defined chains can be created just like iptables.   But instead
of the iptables targets, NAT will have different targets, and only apply to
NEW connections.  All the extended match stuff available to iptables will
be shared with NAT as well.

	This decision opens the possibility of other types of mangling using
the same packet selection architecture, with their own targets.
	From a user point of view, iptables will not change much, but
ipnatctl will become `iptables -c nat' to control NAT.  I can see someone
introducing a random packet mangling infrastructure called `mangle', to do
stuff like TCP mss hacks, and route mark/QoS alteration.

Rusty,
Netfilter Core.
PS.  Now working for Linuxcare; thanks to WatchGuard for their excellent
     support.
--
Hacking time.