Hi David,

On Mon, Feb 19, 2018 at 10:44:59AM -0500, David Miller wrote:
> From: Harald Welte <lafo...@gnumonks.org>
> Date: Mon, 19 Feb 2018 16:38:08 +0100
> 
> > On Mon, Feb 19, 2018 at 10:27:27AM -0500, David Miller wrote:
> >> > Would you be willing to merge nftables into kernel tools directory
> >> > then?
> >> 
> >> Did you miss the part where I explained that people explicitly disable
> >> NFTABLES in their kernel configs in most if not all large datacenters?
> > 
> > If people to chose to disable a certain feature, then that is their own
> > decision to do so.  We should respect that decision.  Clearly they seem
> > to have no interest in a better or more featureful packet filter, then.
> > 
> > I mean, it's not like somebody proposes to implement NTFS inside the FAT
> > filesystem kernel module because distributors (or data centers) tend to
> > disable the NTFS module?!
> > 
> > How is kernel development these days constrained by what some users may
> > or may not put in their Kconfig?  If they want a given feature, they
> > must enable it.
> 
> This discussion was about why iptables UABI still matters.
> 
> And I'm trying to explain to you one of several reasons why it does.
> 
> Also, instead of saying "They decided to not use NFTABLES, oh well
> that is their problem" it might be more beneficial, especially in the
> long term for netfilter, to think about "why".

OK, so reading between the lines you're saying that nftables project has
failed to provide an adequate successor to iptables?

Cheers, Phil
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to