firewall-init for iptables

Jacek Konieczny jajcus at
Tue Mar 6 21:12:31 CET 2001

On Sun, Mar 04, 2001 at 03:43:10PM +0100, Jan Rekorajski wrote:
> What version did you use? It's under development so the latest and greatest
> you can get from CVS (cvs co -r IPTABLES firewall-init).
This is exactly what I have done.

> > 2. If the config files are supposed to contain iptables rules, why have
> > I put "$iptables" there? And why should I define some functions?
> I know this may be a pain, look at the setup_rules() function,
> any suggestion how to fix it is greatly appreciated.
I made similar scripts for ipchains some time ago. The config files
used contained only arguments to ipchains. They were read using "read"
shell command in the scripts, line by line. But for more sophisticated
firewalls it was sloooowww. I think your solution should be faster, although
less elegant. Imho it would be good if iptables could process more
entries at once. E.g. from a file.

> > 3. It doesn't seem to work with 2.4.2-1 kernel --- IPv6 logging and
> > icmpv6 stuff. But it seems the kernel and iptables in CVS are fixed.
> For IPv6 LOG target you need latest patch-o-matic (included in 2.4.2-2)
> icmpv6 is another problem - there is a total mess in userland tools how
> should it be named and for the time being it just does not work.
> I sent a patch to netfilter-devel but Harald told me he is working
> on a fix that does not involve patching the kernel so we must wait.
But the latest version of firewall-init/iptables/kernel won't display
all those messages?

And one more thing. I think you should change the name of the project.
This is quite different from original firewall-init. Maybe the
firewall-init is still developed (in another distribution).
I have done the same after improving mkinitrd (now it is geninitrd).
I think it could be rc-firewall (like rc-scripts and rc-inetd).


        What does "rc" mean in rc-scripts and rc-inetd?
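
The message above contrasts config files that hold only rule arguments with config files that are sourced as shell and call "$iptables", and wishes iptables could take many entries at once from a file. As an added example (not part of the original message and not firewall-init code), the converter below turns an arguments-only file into input for iptables-restore and refuses lines written in the sourced-script style. The function names and the one-rule-per-line file format are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example, not part of firewall-init. Assumed file format: one rule
# per line, holding only iptables arguments (e.g. "-A INPUT -j DROP").

# sample_rules: constructed sample input for the converter below.
sample_rules() {
    cat <<'EOF'
# constructed sample rules
-A INPUT -i lo -j ACCEPT

-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
EOF
}

# rules_to_restore FILE [TABLE]
# Prints a complete iptables-restore ruleset, or prints nothing and
# returns 1 if any line is not a plain "-A"/"-I" rule.
rules_to_restore() {
    file=$1 table=${2:-filter} lineno=0
    nl='
'
    out="*$table$nl"
    # "read" with the default IFS trims leading and trailing whitespace.
    while read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            ''|'#'*) continue ;;                      # blank line or comment
            *'$'*|*'`'*|*';'*|*'|'*|*'&'*|*'<'*|*'>'*)
                # Shell syntax means the file was written for sourcing.
                echo "$file:$lineno: shell syntax rejected" >&2
                return 1 ;;
            '-A '*|'-I '*) out="$out$line$nl" ;;
            *)
                echo "$file:$lineno: expected -A or -I rule" >&2
                return 1 ;;
        esac
    done < "$file"
    printf '%sCOMMIT\n' "$out"
}
```

Piping the output into iptables-restore loads the whole set in one invocation instead of one iptables call per line. By default iptables-restore flushes the table before loading; --noflush keeps the existing rules.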

More information about the pld-devel-en mailing list