It seems that the userspace version will be developed more regularly than the kernel one:
http://marc.theaimsgroup.com/?l=l7-filter-developers&m=117363219909313&w=2

[quote]
List: l7-filter-developers
Subject: Re: [l7-filter-developers] kernel 2.6.20.1
From: Matthew Strait <quadong () users ! sourceforge ! net>
Date: 2007-03-11 16:55:47
Message-ID: Pine.LNX.4.64.0703111153230.26980 () localhost ! localdomain

> L3-dependent is obsolete. Please use the L3-independent framework, it's
> not much of a change. (At least where I stand.) Though _I have not_ used
> 2.6.20.1 yet, this block of code was all I needed to get some netfilter
> code run on 2.6.18, .19 and .20, maybe it's useful for you.
>
> #if defined(CONFIG_IP_NF_CONNTRACK) || defined(CONFIG_IP_NF_CONNTRACK_MODULE)
> # include <linux/netfilter_ipv4/ip_conntrack.h>
> #else /* linux-2.6.20+ */
> # include <net/netfilter/nf_nat_rule.h>
> #endif

Thanks for the suggestion. Unfortunately, it appears to be more complicated than that. I've spent a little time trying to update the patch to use nf_conntrack stuff, but have not yet succeeded. If anyone else would like to get this working and submit a patch to the list, that would be great. (I'd really rather be working on the userspace version.)

-Matthew
[/quote]

And the kernel version of l7-filter does not support recent kernels (2.6.20/21):
http://l7-filter.sourceforge.net/HOWTO-kernel (see the note in the "What You Need To Get")

So, a userspace layer 7 filter ebuild would be very nice:
http://l7-filter.sourceforge.net/HOWTO-userspace

I hope it will not be so hard to add it to the portage tree to test with ~arch words.
Going to userspace is going to save me a bit of hell managing l7-filter (kernel space patch). Added as net-misc/l7-filter-userspace for your testing pleasure.