On Mon, Jun 30, 2014 at 07:57:56PM -0700, Isaac Dunham wrote:
> On Fri, Jun 27, 2014 at 09:26:27AM -0400, Rich Felker wrote:
> > On Fri, Jun 27, 2014 at 10:06:07AM +0200, Frank Ihle wrote:
> > > >> (6) Is there a (stateless/stateful) firewall for BusyBox ?
> > > > think this is not related to busybox. Use iptables?
> >
> > The lack of an iptables command in Busybox is something that would be
> > nice to fix, especially since the official iptables is bloated and
> > (last I checked) requires dynamic linking. But this would still not be
> > "a firewall for Busybox" (because Busybox is NOT AN OS), just an
> > alternate implementation of the low-level firewall configuration tool.
>
> At one point someone ported iptables to busybox.
> However, that was in the busybox 1.00/1.1 era, so it's probably missing
> several bugfixes and features, as well as having a lot of bitrot;
> it also runs ~14000 lines and requires <rpc/rpc.h>.
> The copyright notices say (C) 2000-2002.
> (Rob Landley was not interested.)

Obviously something like that isn't acceptable for inclusion. It was
probably just a hacked-up version of upstream iptables. The right way
to add iptables would be to reverse engineer it via strace (i.e. only
look at the syscalls it makes to perform the actual commands, not the
source code, which is likely hideous) and write code that does the
same thing.

Rich
