The layer7 filtering packages do not appear to be upstream maintained anymore. The mailing list is dead, and sourceforge hasn't been touched in ages, and the kernel patch set will not apply to any of the kernel sources maintained by Gentoo. Is this something that would be appropriate for hard masking with an explanatory message?
(In reply to Eric Gisse from comment #0) > The layer7 filtering packages do not appear to be upstream maintained > anymore. So? Do you have any issues with l7-filter-userspace > The mailing list is dead, and sourceforge hasn't been touched in ages, and > the kernel patch set will not apply to any of the kernel sources maintained > by Gentoo. There are two _separate_ solutions here: kernel and userspace. In l7-filter-userspace we support only userspace solution. Userspace solution uses NFQUEUE and CONNTRACK, which works just fine. If kernel implementation doesn't work — this problem is unrelated to l7-filter-userspace. > Is this something that would be appropriate for hard masking with an > explanatory message? Why mask a working package?
Ah, ok I misunderstood. The way the l7-filter project has been documented has been entirely in terms of "this is a kernel patch" rather than "oh and by the way there's also a complete alternative userspace implementation using netfilter queues". So I said "mask please" because I was assuming these packages were dependent on that very, very dead kernel component. Since they aren't, mea culpa. I will play with this further since it isn't as dead as initial appearances suggested.
