Shorewall devel - Jul 2007 - Fwd: [NETFILTER 43/50]: ipt_SAME: add to feature-removal-schedule

Tom

Have you seen this?

Steven.

----------  Forwarded Message  ----------

Subject: [NETFILTER 43/50]: ipt_SAME: add to feature-removal-schedule
Date: Saturday 07 July 2007 13:24
From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>

[NETFILTER]: ipt_SAME: add to feature-removal-schedule

Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit 4d2355649d522d4ced604b5f1002d6a314ca5a30
tree d72fc9ad1fcb90d552f055cc3cd9939238e3d672
parent a145c8a34ab8aee235642d69b4fbc56846e92e63
author Patrick McHardy <kaber@trash.net> Sat, 07 Jul 2007 12:16:03 +0200
committer Patrick McHardy <kaber@trash.net> Sat, 07 Jul 2007 12:16:03
+0200

 Documentation/feature-removal-schedule.txt |    8 ++++++++
 net/ipv4/netfilter/Kconfig                 |    2 +-
 2 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/Documentation/feature-removal-schedule.txt
 b/Documentation/feature-removal-schedule.txt index 7acecad..c284edd 100644
--- a/Documentation/feature-removal-schedule.txt
+++ b/Documentation/feature-removal-schedule.txt
@@ -329,3 +329,11 @@ Who:  Tejun Heo <htejun@gmail.com>

 ---------------------------

+What:	iptables SAME target
+When:	1.1. 2008
+Files:	net/ipv4/netfilter/ipt_SAME.c,
 include/linux/netfilter_ipv4/ipt_SAME.h +Why:	Obsolete for multiple years
 now, NAT core provides the same behaviour. +	Unfixable broken wrt. 32/64 bit
 cleanness.
+Who:	Patrick McHardy <kaber@trash.net>
+
+---------------------------
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index 46509fa..fa97947 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -230,7 +230,7 @@ config IP_NF_TARGET_NETMAP
 	  To compile it as a module, choose M here.  If unsure, say N.

 config IP_NF_TARGET_SAME
-	tristate "SAME target support"
+	tristate "SAME target support (OBSOLETE)"
 	depends on NF_NAT
 	help
 	  This option adds a `SAME'' target, which works like the standard
SNAT

-------------------------------------------------------


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Steven Jan Springl wrote:
> Tom
> 
> Have you seen this?
> 

No -- I didn''t see that.

Thanks, Steven

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

On Sat, Jul 07, 2007 at 12:13:44PM -0700, Tom Eastep
wrote:
> Steven Jan Springl wrote:
> > Tom
> > 
> > Have you seen this?
> > 
> 
> 
> No -- I didn''t see that.
> 
> Thanks, Steven
> 
Will this require any modifications to shorewall 3.4?

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Roberto C. Sánchez wrote:
> On Sat, Jul 07, 2007 at 12:13:44PM -0700, Tom Eastep wrote:
>> Steven Jan Springl wrote:
>>> Tom
>>>
>>> Have you seen this?
>>>
>>
>> No -- I didn''t see that.
>>
>> Thanks, Steven
>>
> Will this require any modifications to shorewall 3.4?
Might be a good idea to add a warning to the manpages for shorewall-masq
and shorewall-rules where SAME is mentioned. I just did that for the 4.0
manpages.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

On Sat, Jul 07, 2007 at 12:34:02PM -0700, Tom Eastep
wrote:
> Roberto C. Sánchez wrote:
> > On Sat, Jul 07, 2007 at 12:13:44PM -0700, Tom Eastep wrote:
> >> Steven Jan Springl wrote:
> >>> Tom
> >>>
> >>> Have you seen this?
> >>>
> >>
> >> No -- I didn''t see that.
> >>
> >> Thanks, Steven
> >>
> > Will this require any modifications to shorewall 3.4?
> 
> Might be a good idea to add a warning to the manpages for shorewall-masq
> and shorewall-rules where SAME is mentioned. I just did that for the 4.0
> manpages.
> 
Done.

BTW, I find it really annoying that sourceforge only supports svn access
over http/https.  ssh was nicer since I could then use a key and not
have to track another password. (end rant)

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Roberto C. Sánchez wrote:
> On Sat, Jul 07, 2007 at 12:34:02PM -0700, Tom Eastep wrote:
>> Roberto C. Sánchez wrote:
>>> On Sat, Jul 07, 2007 at 12:13:44PM -0700, Tom Eastep wrote:
>>>> Steven Jan Springl wrote:
>>>>> Tom
>>>>>
>>>>> Have you seen this?
>>>>>
>>>> No -- I didn''t see that.
>>>>
>>>> Thanks, Steven
>>>>
>>> Will this require any modifications to shorewall 3.4?
>> Might be a good idea to add a warning to the manpages for
shorewall-masq
>> and shorewall-rules where SAME is mentioned. I just did that for the
4.0
>> manpages.
>>
> Done.
Thanks, Roberto.
> 
> BTW, I find it really annoying that sourceforge only supports svn access
> over http/https.  ssh was nicer since I could then use a key and not
> have to track another password. (end rant)
Yes -- it''s a PITA.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Roberto C. Sánchez escribió:
> BTW, I find it really annoying that sourceforge only supports svn access
> over http/https.  ssh was nicer since I could then use a key and not
> have to track another password. (end rant)
> 
They are trying to preserve sysadmin sanity.

the svn ssh mode is really **hard** to administer and deploy in large
scale, not to mention very feature reduced, it is simple not worth the
hassle. you really dont want that, trust me :-)








-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

On Sat, Jul 07, 2007 at 10:07:40PM -0400, Cristian Rodriguez R.
wrote:
> Roberto C. Sánchez escribió:
> 
> > BTW, I find it really annoying that sourceforge only supports svn
access
> > over http/https.  ssh was nicer since I could then use a key and not
> > have to track another password. (end rant)
> > 
> 
> They are trying to preserve sysadmin sanity.
> 
> the svn ssh mode is really **hard** to administer and deploy in large
> scale, not to mention very feature reduced, it is simple not worth the
> hassle. you really dont want that, trust me :-)
> 
Out of curiousity, how is it feature reduced?  Also, how is it harder to
administer.  If you put all your users in a database or directory
anyway, it is not any harder to make that database or directory serve
system users for shell access than it is to have it serve the users up
for HTTP authentication.

Regards,

-Roberto


-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Roberto C. Sánchez escribió:
>>
> Out of curiousity, how is it feature reduced?  Also, how is it harder to
> administer.  

http://svnbook.red-bean.com/nightly/en/svn.serverconfig.choosing.html

try to deploy something at the scale needed by sourceforge after reading
the section "svn over ssh" and then read the section "The Apache
HTTP
Server" section for reasons why they do use http instead ;-)




-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

On Sat, Jul 07, 2007 at 10:48:18PM -0400, Cristian Rodriguez R.
wrote:
> Roberto C. Sánchez escribió:
> 
> >>
> > Out of curiousity, how is it feature reduced?  Also, how is it harder
to
> > administer.  
> 
> 
> http://svnbook.red-bean.com/nightly/en/svn.serverconfig.choosing.html
> 
> try to deploy something at the scale needed by sourceforge after reading
> the section "svn over ssh" and then read the section "The
Apache HTTP
> Server" section for reasons why they do use http instead ;-)
> 
Good points.  Still, it would be nice if I didn''t have to re-enter my
username/password *every* single time I want to update/commit.

Regards,

-Roberto


-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Roberto C. Sánchez escribió:
> On Sat, Jul 07, 2007 at 10:48:18PM -0400, Cristian Rodriguez R. wrote:
>> Roberto C. Sánchez escribió:
>>
>>> Out of curiousity, how is it feature reduced?  Also, how is it
harder to
>>> administer.  
>>
>> http://svnbook.red-bean.com/nightly/en/svn.serverconfig.choosing.html
>>
>> try to deploy something at the scale needed by sourceforge after
reading
>> the section "svn over ssh" and then read the section
"The Apache HTTP
>> Server" section for reasons why they do use http instead ;-)
>>
> Good points.  Still, it would be nice if I didn''t have to re-enter
my
> username/password *every* single time I want to update/commit.

you dont have to, why is your svn client behaving like that ? ( the
default behaviour is to save the password)

svn co https://shorewall.svn.sourceforge.net/svnroot/shorewall/
trunk/tools/subversion ~/.svn will to the trick I think.







-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Cristian Rodriguez R. escribió:
> you dont have to, why is your svn client behaving like that ? ( the
> default behaviour is to save the password)
> 
> svn co https://shorewall.svn.sourceforge.net/svnroot/shorewall/
> trunk/tools/subversion ~/.svn will to the trick I think.
> 
I meant ~/.subversion instead of ~/.svn ;-)







-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

On Sun, Jul 08, 2007 at 01:25:00AM -0400, Cristian Rodriguez R.
wrote:
> Roberto C. Sánchez escribió:
> >>
> > Good points.  Still, it would be nice if I didn''t have to
re-enter my
> > username/password *every* single time I want to update/commit.
> 
> 
> you dont have to, why is your svn client behaving like that ? ( the
> default behaviour is to save the password)
> 
Becuase I have disabled that behavior.
> svn co https://shorewall.svn.sourceforge.net/svnroot/shorewall/
> trunk/tools/subversion ~/.svn will to the trick I think.
> 
No.  Because it will store the password in plaintext unencrypted on my
local disk.  That is why I use keys with everything.  I have just a
small number of very long and complex passphrases which give me login
access to all the places which allow me to use ssh keys.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Roberto C. Sánchez escribió:
> On Sun, Jul 08, 2007 at 01:25:00AM -0400, Cristian Rodriguez R. wrote:
>> Roberto C. Sánchez escribió:
>>> Good points.  Still, it would be nice if I didn''t have to
re-enter my
>>> username/password *every* single time I want to update/commit.
>>
>> you dont have to, why is your svn client behaving like that ? ( the
>> default behaviour is to save the password)
>>
> Becuase I have disabled that behavior.
> 
>> svn co https://shorewall.svn.sourceforge.net/svnroot/shorewall/
>> trunk/tools/subversion ~/.svn will to the trick I think.
>>
> No.  Because it will store the password in plaintext unencrypted on my
> local disk.  
http://subversion.tigris.org/faq.html#plaintext-passwords

http://svnbook.red-bean.com/nightly/en/svn.serverconfig.netmodel.html#svn.serverconfig.netmodel.credcache


This is a security tradeoff for functionality, just live with it. not a
big deal if your computer is secure enough. ;-P






-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/