Hi, since netfilter got merged into the kernel it has become a big set of patches which may or may not go well with the current kernel. We have this thing called newnat and everything.

Nowadays I have a set of production routers and NAT stuff that are based on netfilter and other things, and I see there is a lot of good stuff in the patches that would be useful. I would like to test these and, if they work, move them to production. But... how much does netfilter depend on the rest of the kernel development? Not very much, as long as the hooks stay and are enabled.

I've lately become aware that building a big all-in-one kernel is becoming more and more trouble, and it is easier to build the basic kernel and after that build lm_sensors and ipsec and everything else as their own components. In this case, FreeS/WAN and lm_sensors give me an alternative to bringing the main kernel source tree up to date. They have a standalone module build that depends on the main kernel source tree but does not try to patch it; rather, it uses its own builds.

I think what netfilter is lacking is a development branch. This big bunch of patches is becoming uncontrollable, at least that is how I saw it when I tried to patch the things I wanted to try into one package. What do you think, could it be worthwhile to still have a development branch of netfilter living outside the Linus-controlled main tree?

Hope I make sense...

Thanks,
Sampsa Ranta [EMAIL PROTECTED]