On 9/30/10 3:20 PM, Mr Dash Four wrote: > >> 1) Shorewall now uses the 'conntrack' utility for 'show connections' >> if that utility is installed. Going forward, the Netfilter team >> will be enhancing this interface rather than the /proc interface. >> > Erm, No! > > The /proc interface will also be 'fixed' to include secctx field (i.e. > secctx=system_u:object_r:packet_t:s0), which shows the correct SELinux > context and the existing field secmark will be dropped.
Jan Engelhardt (who I see as a possible successor to Patrick McHardy) is championing that general direction, irrespective of what happens with the current set of secmark issues. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
