>> I now agree with Cris' comment on the slug home page:
>> "Unfortunately, whilst everyone was impressed with Netfilter, and Chris's
>> overview of it, no one was willing to entrust a production firewall to Linux
>> 2.4. Perhaps around 2.4.10"
>This was *NOT* my comment. I use Netfilter at home, and I'm about to
>deploy it into production.
>The NAT code in Netfilter is *far* better than the old Masq system in
>2.2 in terms of flexibility.
Oh by the way, I forgot to say I researched the matter last week before I put Netfilter into production.
And I found that it has much better connection tracking than ipchains and doesn't even need helper modules for many protocols such as ICQ etc. Of course that all in the publicly available documentation, what I brought up before wasn't known to all the non-code hackers / netfilter mailing list lurkers.
I wasn't slagging netfilter. I am a user of it aren't I? I said earlier it replaced something that costs money. So please research your replies before flaming other users.
>You obviously didn't research this very well before jumping to
>conclusions, and I do not appreciate being misrepresented.
> Hack the Source Luke. They even tell you what changes you'd need
> to make.
> For the unaware, he's lifted the comment from Jeff's report on the
> last meeting. These were Jeff's words, not mine.
> Yes, the C. stands for Chris, not for Crossfire.
Crossfire | This email was brought to you
xfire@xxxxxxxx | on 100% Recycled Electrons