Am 02.07.2014 17:45, schrieb Rich Felker:
On Tue, Jul 01, 2014 at 08:47:45PM +0200, Harald Becker wrote:Hi Rich!Obviously something like that isn't acceptable for inclusion. It was probably just a hacked-up version of upstream iptables.Just as a question. I did not look into that very deep. You are talking about iptables. I thought newer kernel have a different firewall, with a complete different language/interpreter. Is that really intentional to look still at the old iptables? Wouldn't it be better to implement applets of the new firewall rules, giving also other users a push to use the new firewall infrastructure.I was under the impression that most users/products are still using the iptables interface, despite it having a new backend that they could use directly. It wouldn't hurt to have both, but a command-line-compatible version of iptables is probably more important from a user perspective.
Yes. The new interface has some nice features, but you need a relatively new kernel to use it and many scripts etc. use iptables syntax.
iptables will be around for some years (at least in the embedded world). Thomas
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
