firewall-init for iptables
Jacek Konieczny
jajcus at pld.org.pl
Sat Mar 3 17:21:30 CET 2001

I have installed the 2.4.2 kernel on two machines. I wanted to check the new
firewall-init too. I never used the old firewall-init, as it wasn't good
for using all Linux ipchains features. The new code is much better at
this point, but I still don't like it much.

But it is great that configuration is split by tables/chains/protocols
and that new chains can be defined (I don't think it was possible in the old
firewall-init).

1. A lot of things are hard-coded in
/etc/sysconfig/firewall.d/functions. Especially icmp handling. Shouldn't
the admin be the one who decides which packets are to be dropped?

2. If the config files are supposed to contain iptables rules, why do
I have to put "$iptables" there? And why should I define some functions?

3. It doesn't seem to work with 2.4.2-1 kernel --- IPv6 logging and
icmpv6 stuff. But it seems the kernel and iptables in CVS are fixed.

And one more thing: documentation (in /usr/share/doc) is not accessible
to a normal user. I don't like reading docs as root!

Greets,
Jacek