Date: Fri, 9 Jan 2009 22:40:31 -0200
From: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
To: Willy Tarreau <w@1wt.eu>
Cc: jmerkey@wolfmountaingroup.com, linux-kernel@vger.kernel.org
Subject: Re: [ANNOUNCE] Kernel Blocking Firewall
Message-ID: <20090110004031.GA21537@khazad-dum.debian.net>
References: <40416.166.70.238.44.1231467823.squirrel@webmail.wolfmountaingroup.com> <20090109064658.GG5038@1wt.eu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20090109064658.GG5038@1wt.eu>
User-Agent: Mutt/1.5.18 (2008-05-17)
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 875
Lines: 18

On Fri, 09 Jan 2009, Willy Tarreau wrote:
> why didn't you use ipset for that ? It's designed exactly for this usage
> and is a lot easier to use than plain iptables for dynamic filtering.

Any ideas when it will hit mainline?  ipsets and PF_RING are the only ways
to get two important jobs done:  non-trivial firewalling on high-speed
links, and packet capture in said links...  and neither is in mainline AFAIK.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/