Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ipfwadm X ipchains

From: William Stearns <wstearns () pobox com>
Date: Mon, 20 Sep 1999 23:08:50 -0400 (EDT)
On 20 Sep 1999 dwelch () phoneboy com wrote:


On Sun, 19 September 1999, William Stearns wrote:


    The 2.4.x kernel series, hopefully coming out in December, will
support iptables.  iptables has backwards compatibility modules for
running either ipfwadm or ipchains firewalls.  The native implementation
is extensible; anyone can create new loadable modules that provide either
new matching fields or new actions when a packet matches.  For example,
there's a module that allows matches on the source mac address.


I'd like to see:

1. Stateful packet filtering for non-MASQed stuff.


        Brian Murrell is working on SPF, but I don't know the state of
that project.  Brian?


2. The ability to log somewhere other than /var/log/messages


        The log module in iptables allows you to set the logging level so
syslogd can direct the packets to any file you'd like.  It also has the
ability to include an additional user defined field for identification
while processing the logs.


But that's just me. Does the 2.4.x kernels have that functionality?


        The logging functionality is available right now for testing in
the 2.3.x kernel series, with the standard reminder that the odd second
digit denotes a kernel series under active development that is not
recommended for production servers.  See the FAQ at
http://www.tux.org/lkml/


Sounds like, if nothing else, it could be coded so it does.


        Rusty would certainly like testers, coders, idea people for
continued development.  Any interest?  http://www.samba.org/netfilter/
        Cheers,
        - Bill

---------------------------------------------------------------------------
        Q: Will the tcp/ethernet SMP scaling changes be back-ported to 2.2.x?
        Mingo: yes, all SMP changes in 2.3 will be backported to 2.2 in the
next few months, but to not confuse it with 2.2 it will be named '2.4' ;)
        -- Ingo Molnar <mingo () chiara csoma elte hu>
--------------------------------------------------------------------------
William Stearns (wstearns () pobox com).  Mason, Buildkernel, named2hosts, 
and ipfwadm2ipchains are at: http://www.pobox.com/~wstearns/
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: