Hello,<br><br>Thanks for your reply, Carlos. I figured out the suffix meanings shortly after sending my email.<br><br>I noticed you didn't comment on my mention of how there aren't packages for Centos or many versions of Fedora Core. Just wanted to reiterate that a re-release would be welcome and to let us in the community know if there's anything we can do to assist.
<br><br>Best,<br> jrobinson<br><br><div><span class="gmail_quote">On 12/13/06, <b class="gmail_sendername">Carlos Rodrigues</b> <<a href="mailto:carlos.efr@mail.telepac.pt">carlos.efr@mail.telepac.pt</a>> wrote:</span>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">On 12/13/06, firehol firehol <<a href="mailto:firehol@gmail.com">firehol@gmail.com</a>> wrote:
<br>> You wrote to me offlist so I'm replying offlist :) Feel free to repost this<br>> onlist.<br><br>Oops.<br><br>> Well, I'm using Centos and various flavors of Fedora, so I have to install<br>> from source. I usually prefer not to install "non-released" code onto my
<br>> production machines. I'm sure there are a few other people that have to<br>> install firehol 'manually' too. So a release of a 'blessed' version would be<br>> welcome for me.<br>><br>> Also, I see that the chain names have a maximum length of 30 characters, so
<br>> it's true there aren't many characters left for the suffix. Do you know<br>> what the _s1 and _c1 suffixes mean?<br><br>A quick look to the source reveals that "c" means "client", "s" means
<br>"server" and "r" means "route".<br><br>> On 12/13/06, Carlos Rodrigues <<a href="mailto:carlos.efr@mail.telepac.pt">carlos.efr@mail.telepac.pt</a>> wrote:<br>> > On 12/13/06, firehol firehol <
<a href="mailto:firehol@gmail.com">firehol@gmail.com</a>> wrote:<br>> > > Looking at the cvs code, it looks like there's been a large handful of<br>> > > changes since the last release, which was now almost two years ago. It
<br>> also<br>> > > looks like there's known issues with UNROUTABLE_IPS and/or PRIVATE_IPS.<br>> > ><br>> > > I understand that it takes effort and time to do a new release, but it<br>> looks
<br>> > > like a firehol needs one. Are there things that we in the community can<br>> do<br>> > > to help with the next release? I'll be taking a look at the CVS version<br>> > > today.<br>> >
<br>> > If your distribution has a "firehol" package, chances are it's<br>> > relatively up-to-date with the CVS version on sourceforge. For<br>> > example, all my firehol installs are now in Debian boxes, using the
<br>> > standard Debian packages, and the changelog shows tha the package<br>> > maintainer has been backporting stuff from CVS.<br>> ><br>> > But yes, if the version in CVS is stable, then I guess a new release
<br>> > would be nice. Even if the documentation on the site and stuff like<br>> > that isn't updated immediately, at least people would get the sense<br>> > that the project is still active.<br>> >
<br>> > > Also, I have a question (or perhaps a feature request). I've been naming<br>> my<br>> > > firehol rules things like "dst-externalip", which results in iptables<br>> chains<br>> > > with names like "out_dst-outside_dns_c8". Is there some description of
<br>> the<br>> > > suffixes (the _c8) part in the chain name?<br>> ><br>> > IMHO, names for interfaces and routers should be kept as small as<br>> > possible (without becoming cryptic, that is), to avoid triggering the
<br>> > maximum name length for chains if the service name is also long (like<br>> > "bittorrent").<br>> ><br>> > --<br>> > Carlos Rodrigues<br>> ><br>><br>><br><br><br>
--<br>Carlos Rodrigues<br></blockquote></div><br>