Brian J. Murrell wrote:
On Mon, 2008-03-24 at 09:36 -0700, Tom Eastep wrote:Shorewall also needs it for traffic shaping. There are some things that you can do with iptables that you cannot do with u32 filters.Right. But you were to draw a line between Shorewall and "Routing and Shaping", does Shorewall need the mangle table?
No.
So long as packet/connection marks are the "Linux Networking Kludge of Last Resort", it is impossible to separate functions that use marks from Netfilter/iptables (which means Shorewall for those of us who use it).Indeed. But if you can separate the tables needed for Shorewall and a "Shaping and Routing" package, that helps a routing/shaping package stand on it's own independent from Shorewall and gain some critical mass.
True. Although having to combine Routing and Shaping into the same package is unfortunate.
Cooperation between the two packages would not be bad, to be sure, but shouldn't be necessary. Requiring Shorewall would be a barrier to acceptance of a Routing and Shaping management interface. If a Routing and Shaping package were to be created to release Shorewall of it's responsibilities there, I'd like to see it usable by those not wanting Shorewall.
Fair enough. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
