yeah i know (deprication warning). If you guys dont mind the offtopic question - what are you planning to switch to after shorewall?
I'll miss shorewall ;) Our customers will too it took us ages to explain to them how shorewall works. will have to explain something new soon then ;) On Wed, Feb 28, 2024 at 09:31:16PM +0200, Tuomo Soini wrote: > On Wed, 28 Feb 2024 19:45:55 +0100 > Peter Thurner | Blunix GmbH via Shorewall-users > <shorewall-users@lists.sourceforge.net> wrote: > > > I am aware of that, however sometimes there isn't really a much > > better way than using dns names. that doesn't just affect shorewall > > but iptables in general of course. > > > > ok but long story short - I am aware I'm doing this wrong, and hence > > there is no option to ignore failed rules, yes? > > > > I suppose i could use a cronjob that updates an ipset or so and then > > have shorewall use that ipset as a workaround. Do you guys have a > > better recommendation? > > > > Big fan of shorewall btw, used it for many years. Keep up the good > > work :) > > Well - truth is there is not much work done any more. Shorewall is > slowly getting obsolete because it is based on iptables/ip6tables. > Here is one contributed script to handle updating ipsets. > > https://shorewall.org/pub/shorewall/contrib/DNSLookup/ > > At my daytime job, we created completely nftables based new firewall > which can handle dns with nftables by doing automatic dns resolving. > Idea for this came from DNSLookup and another similar scripting system > updating ipsets based on dns. But unlike with ipsets you don't have > issues with startup failing if ipset is missing which was one issue > we found with ipset based solution. > > https://github.com/FoobarOy/foomuuri/wiki/Configuration#resolve > > That's not shorewall but created by guys who used shorewall for 20 > years. > > -- > Tuomo Soini <t...@foobar.fi> > Foobar Linux services > +358 40 5240030 > Foobar Oy <https://foobar.fi/> > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users with kind regards, Peter Thurner CEO Blunix GmbH -- Blunix GmbH Glogauer Straße 21 10999 Berlin Germany Web: https://www.blunix.com _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
