system-config-firewall picking up slack where firestarter fell off
Adam Miller
maxamillion at gmail.com
Fri Jun 12 13:54:00 UTC 2009
I've retired firestarter, I picked it up recently as it was orphaned
but as we are moving towards PolicyKit and there's no upstream to
assist with the port and after a discussion we had here on the list I
decided it was time to retire it.
Now, with that being said, I have some users on the firestarter-users
mailing list that have some features they would like to request and I
wanted to pose a couple questions here in respect to their requests
and find out if others feel that these requests are feasible and/or
are even in the scope of system-config-firewall.
1) Cisco VPN
I don't use this myself but I was told it just needs these rules, so I
don't see a big issue here:

$IPT -A FORWARD -i $IF -o $INIF -p udp --dport 500 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $IF -o $INIF -p tcp --dport 500 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $IF -o $INIF -p 50 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $INIF -o $IF -p 50 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

2) Auto setup of "Internet Sharing", so autoconfig of dhcpd and
providing a bridge between WAN and LAN. This is one that I'm not
entirely sure is really in the scope of system-config-firewall
and might need to be its own utility.
Those are really the only two that have been reported to me, just
looking for advisement from the group before I go off and start trying
to hack something together.
Thanks,
-Adam
--
http://maxamillion.googlepages.com
---------------------------------------------------------
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments