Menu
▾
▴
Re: [Devil-Linux-discuss] ipt_condition module missing in 1.4RC1
|
From: Christopher C. M. <chr...@tu...> - 2010-02-20 06:48:28
|
Thanks, Serge. Keep in mind this has been a part of DL for a while, so
to exclude it is to break backward compatibility. Thanks for including
it in your build.
I am not certain how it is decided what goes into DL, so I am just going
to state a case on the listserv and hope the right folks are listening.
Here is why I think this should be included:
1. It is important to maintain backward compatibility, unless of
course functionality is officially deprecated (usually with
warning for a few releases prior). To not do this puts the user in
the position of having to rewrite firewall rules on each release
of DL. Since DL is primarily a firewall, it should support that
functionality first and foremost. Certainly the collection of
modules extending the rules of iptables should always be included.
To not do this makes DL start to gravitate to becoming something
other than a firewall.
2. ipt_condition is a powerful module which allows dynamic changes to
firewall rules without changing the rules themselves. It allows
you to keep one rules file which is always in effect. This allows
an iptables counter listing that remains static and
understandable. It makes for an extremely clean set of firewall
rules. Clean, understandable firewall rules are vital when coding
a firewall. It is an important module, though most people don't
understand it.
Please understand I think you guys have done a wonderful job and I love
this distribution. I am glad your are still going strong. No criticisms
are implied here, just an opinion.
Thanks for your great efforts and for a great distribution.
On 2/17/2010 11:05 PM, Serge Leschinsky wrote:
> Christopher,
>
> The module is not a part of iptables, but it's a part of pom -
> http://www.netfilter.org/projects/patch-o-matic/pom-external.html#pom-external-condition
>
> So, the answer to your question - it's not a bug. It's the missing feature :)
>
> I'll try to build it with DL. Unfortunately my build environment is extremely
> far from official, so it can be a problem.
>
> Serge
>
>
> On 02/17/2010 05:03 PM, Christopher C. Mills wrote:
>
>> Thank you, Serge!
>>
>> On 2/17/2010 4:59 PM, Serge Leschinsky wrote:
>>
>>> Christopher,
>>>
>>> I made a quick search thru iptables 1.4.6 source code and didn't find it. This
>>> is the reason why I was asking you.
>>> Well, I'm going to find out where the module lives and inform you about it.
>>>
>>> Serge
>>>
>>>
>>> On 02/17/2010 12:50 AM, Christopher C. Mills wrote:
>>>
>>>
>>>> Hi, thanks for your reply.
>>>>
>>>> All I can say is it is covered in the man page, and I have been using it
>>>> for years. I don't know what constitutes basic. You certainly have to
>>>> explicitly load it with modprobe in order to use it. This is what is
>>>> failing; the module isn't being found.
>>>>
>>>> On 2/16/2010 8:35 PM, Serge Leschinsky wrote:
>>>>
>>>>
>>>>> Christopher,
>>>>>
>>>>> is it a module from basic iptables package or it's an extension?
>>>>>
>>>>> Serge
>>>>>
>>>>> On 02/16/2010 04:31 PM, Christopher C. Mills wrote:
>>>>>
>>>>>
>>>>>
>>>>>> My firewall depends on this module (ipt_condition) so I was wondering
>>>>>> whether it was intentionally removed from Devil Linux or this is a bug?
>>>>>> Does anyone know?
>>>>>> On 2/16/2010 5:23 AM, Christopher Mills wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Is this a bug?
>>>>>>>
>>>>>>> ------------------------------------------------------------------------------
>>>>>>> SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
>>>>>>> Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
>>>>>>> http://p.sf.net/sfu/solaris-dev2dev
>>>>>>> _______________________________________________
>>>>>>> Devil-linux-discuss mailing list
>>>>>>> Dev...@li...
>>>>>>> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> ------------------------------------------------------------------------------
>>>>>> SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
>>>>>> Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
>>>>>> http://p.sf.net/sfu/solaris-dev2dev
>>>>>> _______________________________________________
>>>>>> Devil-linux-discuss mailing list
>>>>>> Dev...@li...
>>>>>> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
|
