Brian J. Murrell wrote:
> If you remove policy routing from Shorewall, does Shorewall need the mangle table for anything else? Is policy routing handled anywhere else in netfilter other than the mangle table? I'm trying to judge the feasibility of actually achieving the goal.

Shorewall also needs it for traffic shaping. There are some things that you can do with iptables that you cannot do with u32 filters.

> I think trying to create a wholly separate project for policy routing that depends on some work that Shorewall does in preparation for it makes the idea of a separate project that much more difficult. If each can stand on their own and solve their particular problems, it gets easier to separate them.

So long as packet/connection marks are the "Linux Networking Kludge of Last Resort", it is impossible to separate functions that use marks from Netfilter/iptables (which means Shorewall for those of us who use it).

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
