Re: [Devil-Linux-discuss] ipt_condition module missing in 1.4RC1

[Serge L. <fi...@in...>]

Christopher,


I've added "condition" module to DL (with a bunch of other modules from
xtables-addons). Hopefully, it works. I made only several trivial tests, so I
can not guarantee that it works correctly. I'll be included into the next DL
build. Please test.

Sincerely,
Serge

On 02/19/2010 09:01 PM, Christopher C. Mills wrote:
> Thanks, Serge. Keep in mind this has been a part of DL for a while, so
> to exclude it is to break backward compatibility. Thanks for including
> it in your build.
> 
> I am not certain how it is decided what goes into DL, so I am just going
> to state a case on the listserv and hope the right folks are listening.
> 
> Here is why I think this should be included:
> 
>    1. It is important to maintain backward compatibility, unless of
>       course functionality is officially deprecated (usually with
>       warning for a few releases prior). To not do this puts the user in
>       the position of having to rewrite firewall rules on each release
>       of DL. Since DL is primarily a firewall, it should support that
>       functionality first and foremost. Certainly the collection of
>       modules extending the rules of iptables should always be included.
>       To not do this makes DL start to gravitate to becoming something
>       other than a firewall.
>    2. ipt_condition is a powerful module which allows dynamic changes to
>       firewall rules without changing the rules themselves. It allows
>       you to keep one rules file which is always in effect. This allows
>       an iptables counter listing that remains static and
>       understandable. It makes for an extremely clean set of firewall
>       rules. Clean, understandable firewall rules are vital when coding
>       a firewall. It is an important module, though most people don't
>       understand it.
> 
> Please understand I think you guys have done a wonderful job and I love
> this distribution. I am glad your are still going strong. No criticisms
> are implied here, just an opinion.
> 
> Thanks for your great efforts and for a great distribution.
> 
> On 2/17/2010 11:05 PM, Serge Leschinsky wrote:
>> Christopher,
>>
>> The module is not a part of iptables, but it's a part of pom -
>> http://www.netfilter.org/projects/patch-o-matic/pom-external.html#pom-external-condition
>>
>> So, the answer to your question - it's not a bug. It's the missing feature :)
>>
>> I'll try to build it with DL. Unfortunately my build environment is extremely
>> far from official, so it can be a problem.
>>
>> Serge
>>
>>
>> On 02/17/2010 05:03 PM, Christopher C. Mills wrote:
>>   
>>> Thank you, Serge!
>>>
>>> On 2/17/2010 4:59 PM, Serge Leschinsky wrote:
>>>     
>>>> Christopher,
>>>>
>>>> I made a quick search thru iptables 1.4.6 source code and didn't find it. This
>>>> is the reason why I was asking you.
>>>> Well, I'm going to find out where the module lives and inform you about it.
>>>>
>>>> Serge
>>>>
>>>>
>>>> On 02/17/2010 12:50 AM, Christopher C. Mills wrote:
>>>>   
>>>>       
>>>>> Hi, thanks for your reply.
>>>>>
>>>>> All I can say is it is covered in the man page, and I have been using it
>>>>> for years. I don't know what constitutes basic. You certainly have to
>>>>> explicitly load it with modprobe in order to use it. This is what is
>>>>> failing; the module isn't being found.
>>>>>
>>>>> On 2/16/2010 8:35 PM, Serge Leschinsky wrote:
>>>>>     
>>>>>         
>>>>>> Christopher,
>>>>>>
>>>>>> is it a module from basic iptables package or it's an extension?
>>>>>>
>>>>>> Serge
>>>>>>
>>>>>> On 02/16/2010 04:31 PM, Christopher C. Mills wrote:
>>>>>>   
>>>>>>       
>>>>>>           
>>>>>>> My firewall depends on this module (ipt_condition) so I was wondering
>>>>>>> whether it was intentionally removed from Devil Linux or this is a bug?
>>>>>>> Does anyone know?
>>>>>>> On 2/16/2010 5:23 AM, Christopher Mills wrote:
>>>>>>>     
>>>>>>>         
>>>>>>>             
>>>>>>>> Is this a bug?
>>>>>>>>
>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>> SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
>>>>>>>> Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
>>>>>>>> http://p.sf.net/sfu/solaris-dev2dev
>>>>>>>> _______________________________________________
>>>>>>>> Devil-linux-discuss mailing list
>>>>>>>> Dev...@li...
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss
>>>>>>>>   
>>>>>>>>       
>>>>>>>>           
>>>>>>>>               
>>>>>>> ------------------------------------------------------------------------------
>>>>>>> SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
>>>>>>> Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
>>>>>>> http://p.sf.net/sfu/solaris-dev2dev
>>>>>>> _______________________________________________
>>>>>>> Devil-linux-discuss mailing list
>>>>>>> Dev...@li...
>>>>>>> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss
>>>>>>>
>>>>>>>     
>>>>>>>         
>>>>>>>             
>>>>>>   
>>>>>>       
>>>>>>           
>>>>>     
>>>>>         
>>>>   
>>>>       
>>>
>>>     
>>
>>   
>