Description of problem: Customer and customers customers, wish to have 'policy match' available for iptables. Internal Prio3 Customer Prio2
Target Milestone RHEL4.5 Why is this feature or bug fix required?: Client is a large Telecom (T-Systems) they currently run following setup: 2xRHEL vpn -> client site (client requires that T-Systems only uses assigned trusted addresses However as IPSec is involved also they need to translate theis addreses with SNAT amd DNAT Additionally both VPN-GW are in a Trusted Net that requires NAT-Traversal What is the impact (customer impact, revenue impact) of NOT providing this feature or bug fix? Potentially they would loose a lot of client that would go for a RHEL solution. Is a workaround available? Well, yes, use two physical boxes and route the traffic in between them, this comes in as additional cost HW & SW. iptables from Version 1.3.5 onwards integrates 'Policy-Match', kernel also requires a patch from Patrick McHardy that's already in upstream in kernel2.6.16 as well as in FC5 in 2.6.15. Description for policy to be found here: http://www.netfilter.org/projects/patch-o-matic/pom-extra.html#pom-extra-policy
At first this has to make it into the kernel, second the header file has to get integrated into glibc-kernheaders, then it can be enabled in iptables. Assigning to kernel for now. Please assign to glibc-kernheaders afterwards and if it is done for these packages, reassign to iptables.
any update on this bug?
Adding fdechery to the cc list as the manager of the disabled user xoleron who reported this bug