you can match on every packet of the connection. most people don't bother, but all you have to do is to not put 'if established allow' at the top of your ruleset.
the question of what is done automatically and what should be done explicitly can be argued forever, I see this as significantly weakening your RELATED complaint.
where does it match TIME_WAIT by default?
as for macros for rule management, with iptables you can use whatever tools you want in userspace to create your rules.
the things you are listing as drawbacks don't seem as drastic to me as they seem to appear to you.
Nftables: a new packet filtering engine
Posted Mar 25, 2009 10:50 UTC (Wed) by herge (guest, #57423)
Once a connection has reached the TIME_WAIT state, it will be kept in the connection table for 120s.
While it can be tuned down, this behavior should be dropped IMHO.