[Firehol-support] Firehol Status?

Carlos Rodrigues carlos.efr at mail.telepac.pt
Thu Dec 14 03:05:59 CET 2006


On 12/13/06, firehol firehol <firehol at gmail.com> wrote:
> You wrote to me offlist so I'm replying offlist :) Feel free to repost this
> onlist.

Oops.

> Well, I'm using Centos and various flavors of Fedora, so I have to install
> from source. I usually prefer not to install "non-released" code onto my
> production machines. I'm sure there are a few other people that have to
> install firehol 'manually' too. So a release of a 'blessed' version would be
> welcome for me.
>
> Also, I see that the chain names have a maximum length of 30 characters, so
> it's true there aren't many characters left for the suffix.  Do you know
> what the _s1 and _c1 suffixes mean?

A quick look at the source reveals that "c" means "client", "s" means
"server" and "r" means "route".

> On 12/13/06, Carlos Rodrigues <carlos.efr at mail.telepac.pt> wrote:
> > On 12/13/06, firehol firehol <firehol at gmail.com> wrote:
> > > Looking at the cvs code, it looks like there's been a large handful of
> > > changes since the last release, which was now almost two years ago.  It also
> > > looks like there's known issues with UNROUTABLE_IPS and/or PRIVATE_IPS.
> > >
> > > I understand that it takes effort and time to do a new release, but it looks
> > > like a firehol needs one. Are there things that we in the community can do
> > > to help with the next release? I'll be taking a look at the CVS version
> > > today.
> >
> > If your distribution has a "firehol" package, chances are it's
> > relatively up-to-date with the CVS version on sourceforge. For
> > example, all my firehol installs are now in Debian boxes, using the
> > standard Debian packages, and the changelog shows that the package
> > maintainer has been backporting stuff from CVS.
> >
> > But yes, if the version in CVS is stable, then I guess a new release
> > would be nice. Even if the documentation on the site and stuff like
> > that isn't updated immediately, at least people would get the sense
> > that the project is still active.
> >
> > > Also, I have a question (or perhaps a feature request). I've been naming my
> > > firehol rules things like "dst-externalip", which results in iptables chains
> > > with names like "out_dst-outside_dns_c8".  Is there some description of the
> > > suffixes (the _c8) part in the chain name?
> >
> > IMHO, names for interfaces and routers should be kept as small as
> > possible (without becoming cryptic, that is), to avoid triggering the
> > maximum name length for chains if the service name is also long (like
> > "bittorrent").
> >
> > --
> > Carlos Rodrigues
> >
>
>


-- 
Carlos Rodrigues



