[Firehol-support] what comes after firehol?

Rick Marshall rjm at zenucom.com
Sun Jun 12 23:05:00 BST 2011


On 13/06/2011, at 1:03 AM, Paul Fox wrote:

> thanks everyone.  okay, i'm somewhat reassured that firehol hasn't
> become irrelevant, and private mail from phil whineray regarding his
> ipv6 mods tells me that there's at least some continued interest in
> maintaining it.
> 
> andrew wrote:
>> Advanced Policy Firewall
>> (http://www.rfxn.com/projects/advanced-policy-firewall/) seems to
>> be similar to firehol.  I've looked at it but haven't tried it out
>> since firehol still meets my needs.
> 
> thanks -- somehow that hadn't turned up in my searches.  no ipv6 support
> (promised "soon" about 7 months ago) though.
> 
>> 
>> fwbuilder is, in my mind, quite different and not nearly as useful, since it
>> can't be scripted.  It's fundamentally a GUI tool, and I find that the GUI
>> actually obscures the high-level view that I want of my firewall.  A
>> firehol+bash script is clearer and more flexible.
> 
> when i first started using fwbuilder, i actually found the gui/drag-n-drop
> model to be quite nice.  but as time goes on, i think i agree with you.
> 
> anyway, i'll stick with firehol for the time being.
> 
> as i mentioned, i have changes to firehol which let it build a script
> on one machine which will run on another -- in my case the target is
> openwrt.  (i'd rather not install bash on my embedded router.)  i have
> those patches in my own git tree, and they're not really ready for
> public consumption.   i think i should probably start over using phil's
> ipv6 tree as a basis before trying to clean them up.
> 
> oh -- as for the get-iana.sh thing -- i also have changes (based on
> an XML extractor script written in shell) which update get-iana.sh to
> use the new IANA file.  the output, after run through "aggregate",
> is:
>    RESERVED_IPS="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 224.0.0.0/3"

you have left out 192.168.0.0/16 and 172.16.0.0/12

http://en.wikipedia.org/wiki/Private_network

there's also some in 169.254

> do other people agree?  given this, as others have said, i don't think
> the get-iana mechanism is really worth maintaining anymore.
> 
> paul
> =---------------------
> paul fox, pgf at foxharp.boston.ma.us (arlington, ma, where it's 48.9 degrees)
> 
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/firehol-support
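
The coverage question raised in the reply can be checked mechanically. The script below is an added example, not code from this thread, from firehol, or from get-iana.sh: it takes the RESERVED_IPS value quoted in the message and reports which of the ranges named in the reply are not covered by any entry. The function names and the WANTED list are assumptions made for the illustration, and 64-bit shell arithmetic is assumed.

```shell
#!/bin/sh
# Added example: constructed check, not part of firehol or get-iana.sh.

# Value quoted in the message above.
RESERVED_IPS="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 224.0.0.0/3"
# Ranges to look for (assumed list): the three RFC 1918 private blocks
# plus 169.254.0.0/16, the IPv4 link-local block (RFC 3927).
WANTED="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16"

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer.
# Runs in a subshell so the IFS change does not leak to the caller.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# cidr_covers OUTER INNER -> exit status 0 if INNER lies entirely in OUTER.
cidr_covers() (
    o_len=${1#*/}
    i_len=${2#*/}
    # A shorter prefix can never be contained in a longer one.
    [ "$o_len" -le "$i_len" ] || exit 1
    mask=$(( (0xFFFFFFFF << (32 - o_len)) & 0xFFFFFFFF ))
    o=$(ip_to_int "${1%/*}")
    i=$(ip_to_int "${2%/*}")
    [ $(( o & mask )) -eq $(( i & mask )) ]
)

# missing_from LIST WANTED -> prints each WANTED range that no LIST entry covers.
missing_from() (
    out=
    for want in $2; do
        found=no
        for have in $1; do
            if cidr_covers "$have" "$want"; then
                found=yes
                break
            fi
        done
        [ "$found" = yes ] || out="${out:+$out }$want"
    done
    echo "$out"
)

missing_from "$RESERVED_IPS" "$WANTED"
```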
