Tom Eastep wrote: > I welcome suggestions for other such changes and for other features that you > believe we should consider. > 1. nftables support? 2. Implement INLINE everywhere (incl. all tc* files)? 3. Implement "; custom matches" everywhere? 4. Integrate "postcompile" and document it? 5. Implement tc's "ematch" capability (so that the "ipset" ematch could be used)? 6. Implement IPSETs everywhere where iptables allows it, and I mean *everywhere*? One example - I currently have matches inserted by customised statements from my "started" file for some of the main chains (like fw2zone and zone2fw), substituting the "net=xxx" option, but that is one hell of an ugly hack and very prone to errors! The new-ish version of the ipset match allow for byte and packet counters to be used, so that could come handy in the accounting features in shorewall. 7. Implement access to the RAW tables/chains, similar to that of "rules"?
That's just a few points on my "wish" list. ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
