firewall-init for iptables

Jacek Konieczny jajcus at pld.org.pl
Sat Mar 3 17:21:30 CET 2001


I have installed the 2.4.2 kernel on two machines. I wanted to check the new
firewall-init too. I never used the old firewall-init as it wasn't good
for using all Linux ipchains features. The new code is much better on
this point, but I still don't like it much.
But it is great that configuration is split by tables/chains/protocols
and that new chains can be defined (I don't think it was possible in the old
firewall-init).

1. A lot of things are hard-coded in
/etc/sysconfig/firewall.d/functions. Especially icmp handling. Shouldn't
the admin be the one who decides which packets are to be dropped?

2. If the config files are supposed to contain iptables rules, why do
I have to put "$iptables" there? And why should I define some functions?

3. It doesn't seem to work with 2.4.2-1 kernel --- IPv6 logging and
icmpv6 stuff. But it seems the kernel and iptables in CVS are fixed.

And one more thing: documentation (in /usr/share/doc) is not accessible
to a normal user. I don't like reading docs as root!

Greets,
        Jacek


