From: Steve Wise <[EMAIL PROTECTED]>
Date: Wed, 05 Jul 2006 12:50:34 -0500

> However, iWARP devices _could_ integrate with netfilter.  For most
> devices the connection request event (SYN) gets passed up to the host
> driver.  So the driver can enforce filter rules then.

This doesn't work.  In order to handle things like NAT and connection
tracking properly you must even allow ESTABLISHED state packets to
pass through netfilter.

Netfilter can have rules such as "NAT port 200 to 300, leave the other
fields alone" and your suggested scheme cannot handle this.
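The objection in the reply above, as an added toy model (not kernel code and not part of the original message): a connection-tracked rule "NAT port 200 to 300" is applied either to every packet or, as in the quoted proposal, only when the SYN is passed up. The `Netfilter` class, `run` helper, addresses and socket name are constructed for illustration, and the model assumes the offload device delivers post-SYN segments without consulting netfilter.

```python
from collections import namedtuple

# Constructed sample packet type: 4-tuple plus TCP flags.
Pkt = namedtuple("Pkt", "src sport dst dport flags")

NAT_FROM, NAT_TO = 200, 300  # the rule from the message: port 200 -> 300


class Netfilter:
    """Hypothetical model: the NAT mapping is created on SYN and must then be
    applied to every later packet of the same connection."""

    def __init__(self):
        self.conntrack = {}  # original 4-tuple -> translated destination port

    def hook(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if "S" in pkt.flags and pkt.dport == NAT_FROM:
            self.conntrack[key] = NAT_TO          # new connection: record mapping
        if key in self.conntrack:
            pkt = pkt._replace(dport=self.conntrack[key])  # rewrite port only
        return pkt


def run(flow, every_packet):
    """Return, per packet, the socket that receives it (None = no match).

    every_packet=True  : all packets traverse the hook.
    every_packet=False : only the SYN is shown to the hook; ESTABLISHED
                         segments bypass it (the quoted scheme).
    """
    nf = Netfilter()
    listeners = {NAT_TO: "app-on-300"}  # the host application listens on 300
    delivered = []
    for pkt in flow:
        if every_packet or "S" in pkt.flags:
            pkt = nf.hook(pkt)
        delivered.append(listeners.get(pkt.dport))
    return delivered


# Constructed flow: SYN, ACK, then a data segment, all addressed to port 200.
FLOW = [
    Pkt("10.0.0.1", 40000, "10.0.0.2", 200, "S"),
    Pkt("10.0.0.1", 40000, "10.0.0.2", 200, "A"),
    Pkt("10.0.0.1", 40000, "10.0.0.2", 200, "PA"),
]

if __name__ == "__main__":
    print("every packet via netfilter:", run(FLOW, every_packet=True))
    print("SYN only via netfilter:    ", run(FLOW, every_packet=False))
```

With SYN-only enforcement the ESTABLISHED segments still carry port 200 and never reach the socket on port 300, which is the case the reply says the scheme cannot handle.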