On 2/8/25 12:58, Benny Pedersen wrote:
> Wayne Shumaker wrote on 2025-02-08 16:56:
>> At 2/6/2025 02:25 PM, Winston wrote:
>>> Shorewall (and Shorewall6) has been fantastic to me, as a multi-ISP
>>> user.
>
> if that Debian maintenance stops, one can still find older Slackware that
> still works, just remember to not keep using precompiled problems as
> Debian mostly is, or even stupid CentOS
>
> i prefer FreeBSD and Gentoo for being fully open source and not
> precompiled at all
>
> if Shorewall will continue then ask how it could use nftables instead of
> iptables, and why it's essentially better? the kernel part is just another
> cli to add it to kernel

Yeah, it doesn't seem to me to be an insurmountable problem to update
shorewall to emit nftables rules instead of iptables rules, unless
nftables is nearly unrecognizably different from iptables.

And if nftables IS nearly unrecognizably different from iptables, and
yet they didn't incorporate a sanely human-readable layer into it during
the rewrite, then perhaps that group of developers needs to not be in
charge of Linux kernel firewalling any more. There's a reason we
program in high-level languages, and a reason why Photoshop and GIMP are
not simply hex bitmap editors, and why OpenOffice/LibreOffice is not
just a raw-XML editor. The technology of translating human-readable
instructions into machine-readable ones is around sixty years old now.
We shouldn't still be having to configure firewalls in the firewall
equivalent of machine code.

Shorewall is effectively a compiler for firewalls. You'd think it
wouldn't be the only one.

--
Phil Stracchino
Fenian House Publishing
ph...@caerllewys.net
p...@co.ordinate.org
Landline: +1.603.293.8485
Mobile: +1.603.998.6958
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users