[Ipchains-dev] Add remaining hooks to iptables?
Paul Rusty Russell
Tue, 31 Aug 1999 12:12:08 -0700
In message <37CA5D41.C601E1B0@GiS.NeT> you write:
> Hi Paul,
> It would be nice to be able to do a -j QUEUE on the other two hooks
> by netfilter, but not by iptables (PRE_ROUTINE and POST_ROUTING).
> Currently, you have to use the redirect.o module or something similar. Is
> this possible?
[ Note that the new netfilter list is cc:'d above ]
Packet filtering doesn't belong on those hooks, and I knew if I put
them there people would use them 8-).
A better idea might be to separate out the packet-classifier API from
iptables into a separate library, and then it's trivial to write an
iptables-like module which hooks into a different hook. This would be
an enhanced redirect module, in essence.