
Even were it adequately explained, it would still be underused, being a pretty crappy interface. I find it virtually the antithesis of iptables, whose syntax and meaning are fairly intuitive and easy both to remember and to derive from a few example rules.


I agree that tc is not a very good user interface, but I'm not sure I agree with you that IPTables is. Consider http://www.openbsd.org/faq/pf/example1.html#allrules - a nice configuration language does look better than a shell script.


Well I happen to disagree with that.

So yeah, the script is very small. But why is it? Because aliases are used everywhere. Oversimplifying things. When you read it, you don't know what it does. When you read the 3 pages of explanations, you get the idea, but you still don't know exactly what it does.

At least with iptables you do. And you can match virtually anything (like a bit in a packet if you like).

The real interface issue is TC.


Uh, yeah, no, that's not my idea of a good user interface. If anything, you've just convinced me never to touch pf.


Go ahead and touch it anyways. I can't imagine firewalling without it.



