Re: [Devil-Linux-discuss] ipt_condition module missing in 1.4RC1

[Christopher C. M. <chr...@tu...>]

Thank you, Serge. I will be certain too...

On 2/24/2010 3:44 AM, Serge Leschinsky wrote:
> Christopher,
>
>
> I've added "condition" module to DL (with a bunch of other modules from
> xtables-addons). Hopefully, it works. I made only several trivial tests, so I
> can not guarantee that it works correctly. I'll be included into the next DL
> build. Please test.
>
> Sincerely,
> Serge
>
> On 02/19/2010 09:01 PM, Christopher C. Mills wrote:
>   
>> Thanks, Serge. Keep in mind this has been a part of DL for a while, so
>> to exclude it is to break backward compatibility. Thanks for including
>> it in your build.
>>
>> I am not certain how it is decided what goes into DL, so I am just going
>> to state a case on the listserv and hope the right folks are listening.
>>
>> Here is why I think this should be included:
>>
>>    1. It is important to maintain backward compatibility, unless of
>>       course functionality is officially deprecated (usually with
>>       warning for a few releases prior). To not do this puts the user in
>>       the position of having to rewrite firewall rules on each release
>>       of DL. Since DL is primarily a firewall, it should support that
>>       functionality first and foremost. Certainly the collection of
>>       modules extending the rules of iptables should always be included.
>>       To not do this makes DL start to gravitate to becoming something
>>       other than a firewall.
>>    2. ipt_condition is a powerful module which allows dynamic changes to
>>       firewall rules without changing the rules themselves. It allows
>>       you to keep one rules file which is always in effect. This allows
>>       an iptables counter listing that remains static and
>>       understandable. It makes for an extremely clean set of firewall
>>       rules. Clean, understandable firewall rules are vital when coding
>>       a firewall. It is an important module, though most people don't
>>       understand it.
>>
>> Please understand I think you guys have done a wonderful job and I love
>> this distribution. I am glad your are still going strong. No criticisms
>> are implied here, just an opinion.
>>
>> Thanks for your great efforts and for a great distribution.
>>
>> On 2/17/2010 11:05 PM, Serge Leschinsky wrote:
>>     
>>> Christopher,
>>>
>>> The module is not a part of iptables, but it's a part of pom -
>>> http://www.netfilter.org/projects/patch-o-matic/pom-external.html#pom-external-condition
>>>
>>> So, the answer to your question - it's not a bug. It's the missing feature :)
>>>
>>> I'll try to build it with DL. Unfortunately my build environment is extremely
>>> far from official, so it can be a problem.
>>>
>>> Serge
>>>
>>>
>>> On 02/17/2010 05:03 PM, Christopher C. Mills wrote:
>>>   
>>>       
>>>> Thank you, Serge!
>>>>
>>>> On 2/17/2010 4:59 PM, Serge Leschinsky wrote:
>>>>     
>>>>         
>>>>> Christopher,
>>>>>
>>>>> I made a quick search thru iptables 1.4.6 source code and didn't find it. This
>>>>> is the reason why I was asking you.
>>>>> Well, I'm going to find out where the module lives and inform you about it.
>>>>>
>>>>> Serge
>>>>>
>>>>>
>>>>> On 02/17/2010 12:50 AM, Christopher C. Mills wrote:
>>>>>   
>>>>>       
>>>>>           
>>>>>> Hi, thanks for your reply.
>>>>>>
>>>>>> All I can say is it is covered in the man page, and I have been using it
>>>>>> for years. I don't know what constitutes basic. You certainly have to
>>>>>> explicitly load it with modprobe in order to use it. This is what is
>>>>>> failing; the module isn't being found.
>>>>>>
>>>>>> On 2/16/2010 8:35 PM, Serge Leschinsky wrote:
>>>>>>     
>>>>>>         
>>>>>>             
>>>>>>> Christopher,
>>>>>>>
>>>>>>> is it a module from basic iptables package or it's an extension?
>>>>>>>
>>>>>>> Serge
>>>>>>>
>>>>>>> On 02/16/2010 04:31 PM, Christopher C. Mills wrote:
>>>>>>>   
>>>>>>>       
>>>>>>>           
>>>>>>>               
>>>>>>>> My firewall depends on this module (ipt_condition) so I was wondering
>>>>>>>> whether it was intentionally removed from Devil Linux or this is a bug?
>>>>>>>> Does anyone know?
>>>>>>>> On 2/16/2010 5:23 AM, Christopher Mills wrote:
>>>>>>>>     
>>>>>>>>         
>>>>>>>>             
>>>>>>>>                 
>>>>>>>>> Is this a bug?
>>>>>>>>>
>>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>>> SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
>>>>>>>>> Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
>>>>>>>>> http://p.sf.net/sfu/solaris-dev2dev
>>>>>>>>> _______________________________________________
>>>>>>>>> Devil-linux-discuss mailing list
>>>>>>>>> Dev...@li...
>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss
>>>>>>>>>   
>>>>>>>>>       
>>>>>>>>>           
>>>>>>>>>               
>>>>>>>>>                   
>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>> SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
>>>>>>>> Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
>>>>>>>> http://p.sf.net/sfu/solaris-dev2dev
>>>>>>>> _______________________________________________
>>>>>>>> Devil-linux-discuss mailing list
>>>>>>>> Dev...@li...
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss
>>>>>>>>
>>>>>>>>     
>>>>>>>>         
>>>>>>>>             
>>>>>>>>                 
>>>>>>>   
>>>>>>>       
>>>>>>>           
>>>>>>>               
>>>>>>     
>>>>>>         
>>>>>>             
>>>>>   
>>>>>       
>>>>>           
>>>>     
>>>>         
>>>   
>>>       
>>     
>