[Gllug] High Availability firewall
Nix
nix at esperi.org.uk
Sat Apr 8 16:00:05 UTC 2006
On Sun, 2 Apr 2006, Bruce Richardson stated:
> I can see why the iptables design prevents the creation of chains that
> are common to all tables but that doesn't make it any more acceptable.
> Most people who run up against this limitation seem to work round it
> either by using fwmark (a very ugly way to solve the problem) or by
> using templates to generate the rules in the hope that this will
> minimise the occasions for error. Still, I look at pf, where you can
> give a chain of rules a return value and use it as a function, with
> envy.
Yeah, iptables seems to be a classic TeX-like case of `we didn't realise
that what we were building should have been a language until it was too
late'.
--
`On a scale of 1-10, X's "brokenness rating" is 1.1, but that's only
because bringing Windows into the picture rescaled "brokenness" by
a factor of 10.' --- Peter da Silva
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug