Hi Jean-Sebastien,

Thus spoke Jean-Sebastien Morisset:

> On Sun, Apr 22, 2001 at 02:17:36PM -0700, Mike Noyes wrote:
> > Jean-Sebastien Morisset, 2001-04-22 15:39 -0400
> > >The LEAF home page recently announced the affiliation of rcf, a pretty
> > >good firewall for Linux. Personally, I think it's better than 'pretty
> > >good', but I'm kinda biased. :-)
> >
> > Jean-Sebastien,
> > I would expect nothing less. :)
>
> :-)
>
> > BTW, have you received any feedback on your rcf511c4.lrp package? Also,
>
> Nope, not yet. I haven't seen that much enthusiasm for the LRP version of
> rcf. It took quite a few hours to port all the scripts, so I'm a little
> disappointed. I figure interest will pick up as people try rcf... :-)
>
> > what is the timetable for a version based on iptables?
>
> The idea is to first get rid of all the ipchains commands from all the
> modules and functions, except for one function. This single function will
> be called to set up the chains instead of calling the ipchains binary
> directly. v5.1.2 will bring us to this point. v5.1.1 is almost there...
> After that, it should be fairly easy to have that function use iptables or
> ipchains as necessary.

I originally tried that with Seattle Firewall and it's not that simple.
The problems are:

a) Under ipchains, forwarded packets traverse the input, forward and
output chains. Under iptables, they traverse only the FORWARD chain.
b) The real power of iptables lies in its connection tracking. With
iptables, you don't have to include special rules for replies like you do
with ipchains.

I found it was easier to start again from scratch and produce a
totally new firewall (Shorewall) than it was to try to make
Seattle Firewall support both environments.

-Tom
-- 
Tom Eastep             \ Alt Email: [EMAIL PROTECTED]
ICQ #60745924           \ Websites: http://seawall.sourceforge.net
[EMAIL PROTECTED]       \          http://seattlefirewall.dyndns.org
Shoreline, Washington USA \         http://shorewall.sourceforge.net
                           \_________________________________________


_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
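
Added example, not part of the original message and not code from rcf, Seattle Firewall or Shorewall: a toy Python model of points (a) and (b) in the reply above, showing how a rule set that filters in the ipchains input chain stops covering forwarded traffic when its chains are only renamed for iptables. The rule sets, packets and the `verdict` helper are constructed for illustration.

```python
# Constructed toy model: which chains a packet traverses on each path.
TRAVERSAL = {
    "ipchains": {"forwarded": ["input", "forward", "output"],
                 "to_local": ["input"], "from_local": ["output"]},
    "iptables": {"forwarded": ["FORWARD"],
                 "to_local": ["INPUT"], "from_local": ["OUTPUT"]},
}

def verdict(tool, rules, packet, policy="DENY"):
    """First matching rule per chain decides; every traversed chain must accept.

    "DENY" is the ipchains name; the model uses it for iptables DROP as well.
    """
    for chain in TRAVERSAL[tool][packet["path"]]:
        for match, target in rules.get(chain, []):
            if all(packet.get(k) == v for k, v in match.items()):
                if target != "ACCEPT":
                    return target
                break               # accepted here, move on to the next chain
        else:
            return policy           # no rule matched: chain policy applies
    return "ACCEPT"

# Constructed ipchains-style rule set: filtering is done in "input",
# while "forward" and "output" pass whatever got that far.
IPCHAINS = {
    "input":   [({"src": "net", "dport": 23}, "DENY"),      # no telnet from outside
                ({"src": "lan"}, "ACCEPT"),
                ({"src": "net", "syn": False}, "ACCEPT")],   # stateless reply rule
    "forward": [({}, "ACCEPT")],
    "output":  [({}, "ACCEPT")],
}

# Naive port: chains merely renamed, rules unchanged.
NAIVE_IPTABLES = {name.upper(): rules for name, rules in IPCHAINS.items()}

# Rewritten for iptables: forwarded traffic is filtered in FORWARD, and
# connection tracking replaces the explicit reply rule.
IPTABLES = {
    "FORWARD": [({"state": "ESTABLISHED"}, "ACCEPT"),
                ({"src": "lan", "state": "NEW"}, "ACCEPT")],
}

# Constructed forwarded packets: inbound telnet, outbound web request, its reply.
TELNET_IN = {"path": "forwarded", "src": "net", "dport": 23, "syn": True, "state": "NEW"}
WEB_OUT = {"path": "forwarded", "src": "lan", "dport": 80, "syn": True, "state": "NEW"}
WEB_REPLY = {"path": "forwarded", "src": "net", "sport": 80, "syn": False,
             "state": "ESTABLISHED"}
```

In this model the inbound telnet packet is denied by the ipchains rule set, accepted by the renamed copy (its DENY rule sits in INPUT, which forwarded packets never reach), and denied again by the rewritten FORWARD rules.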
