From: Toke Høiland-Jørgensen
Date: Thu, 20 Mar 2014 19:14:29 +0100
To: Dave Taht
Cc: "cerowrt-devel@lists.bufferbloat.net"
Subject: Re: [Cerowrt-devel] BCP38 implementation

On 20 March 2014 18:38:17 CET, Dave Taht wrote:
> I have tested this, made one small modification, and it will be in
> cerowrt-3.10.32-12 and on by default. Nice work!

Thanks! :)

> One possible problem with pushing this up to openwrt is that arguably
> it needs to apply this to the "wan" abstraction in the firewall rules
> rather than a specific interface, and hook into that chain instead.
> (on the other hand, using an actual interface is also good)

Well, having the configuration option be for a firewall zone rather than an interface shouldn't be that difficult. More of a policy question of how to handle upstream detection etc. for potentially multiple interfaces. But then I suppose having the option of adding the filter to multiple interfaces might be useful too...

Either way, I can look into it at some later date if it becomes an issue. :)

> The ipset facility has great potential for other uses, for example:

Yeah, it seems to be pretty cool. How is it related to nftables?

-Toke