[Firehol-support] Firehol Status?
firehol firehol
firehol at gmail.com
Thu Dec 14 16:37:17 GMT 2006
Hello,
Thanks for your reply, Carlos. I figured out the suffix meanings shortly
after sending my email.
I noticed you didn't comment on my mention of how there aren't packages for
Centos or many versions of Fedora Core. Just wanted to reiterate that a
re-release would be welcome and to let us in the community know if there's
anything we can do to assist.
Best,
jrobinson
On 12/13/06, Carlos Rodrigues <carlos.efr at mail.telepac.pt> wrote:
>
> On 12/13/06, firehol firehol <firehol at gmail.com> wrote:
> > You wrote to me offlist so I'm replying offlist :) Feel free to repost
> this
> > onlist.
>
> Oops.
>
> > Well, I'm using Centos and various flavors of Fedora, so I have to
> install
> > from source. I usually prefer not to install "non-released" code onto my
> > production machines. I'm sure there are a few other people that have to
> > install firehol 'manually' too. So a release of a 'blessed' version
> would be
> > welcome for me.
> >
> > Also, I see that the chain names have a maximum length of 30 characters,
> so
> > it's true there aren't many characters left for the suffix. Do you know
> > what the _s1 and _c1 suffixes mean?
>
> A quick look to the source reveals that "c" means "client", "s" means
> "server" and "r" means "route".
>
> > On 12/13/06, Carlos Rodrigues <carlos.efr at mail.telepac.pt> wrote:
> > > On 12/13/06, firehol firehol <firehol at gmail.com> wrote:
> > > > Looking at the cvs code, it looks like there's been a large handful
> of
> > > > changes since the last release, which was now almost two years
> ago. It
> > also
> > > > looks like there's known issues with UNROUTABLE_IPS and/or
> PRIVATE_IPS.
> > > >
> > > > I understand that it takes effort and time to do a new release, but
> it
> > looks
> > > > like a firehol needs one. Are there things that we in the community
> can
> > do
> > > > to help with the next release? I'll be taking a look at the CVS
> version
> > > > today.
> > >
> > > If your distribution has a "firehol" package, chances are it's
> > > relatively up-to-date with the CVS version on sourceforge. For
> > > example, all my firehol installs are now in Debian boxes, using the
> > > standard Debian packages, and the changelog shows tha the package
> > > maintainer has been backporting stuff from CVS.
> > >
> > > But yes, if the version in CVS is stable, then I guess a new release
> > > would be nice. Even if the documentation on the site and stuff like
> > > that isn't updated immediately, at least people would get the sense
> > > that the project is still active.
> > >
> > > > Also, I have a question (or perhaps a feature request). I've been
> naming
> > my
> > > > firehol rules things like "dst-externalip", which results in
> iptables
> > chains
> > > > with names like "out_dst-outside_dns_c8". Is there some description
> of
> > the
> > > > suffixes (the _c8) part in the chain name?
> > >
> > > IMHO, names for interfaces and routers should be kept as small as
> > > possible (without becoming cryptic, that is), to avoid triggering the
> > > maximum name length for chains if the service name is also long (like
> > > "bittorrent").
> > >
> > > --
> > > Carlos Rodrigues
> > >
> >
> >
>
>
> --
> Carlos Rodrigues
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.firehol.org/pipermail/firehol-support/attachments/20061214/8df79c9f/attachment-0003.html>
More information about the Firehol-support
mailing list