[alpine-devel] Alpine Wall development update

From: Kaarle Ritvanen <kaarle.ritvanen_at_datakunkku.fi>
Date: Tue, 16 Apr 2013 15:09:58 +0300 (EEST)

Hello,

Here is a short summary of my recent work on Alpine Wall (awall). It
is now at version 0.3.0. In addition to various bug fixes, awall has
gained a lot of new features since the last development update.

* iptables feature support:
   - packet marking, including route tracking
   - MSS clamping
   - transparent proxying
   - tarpit action (requires xtables-addons)
   - configurable packet logging
   - improved support for ipsets

* other features:
   - stateless operation: rules for the reverse direction and disabling
     connection tracking generated automatically
   - secure use of connection tracking helpers, see
     https://home.regit.org/netfilter-en/secure-use-of-helpers/
   - support for intra-zone routing

* usability:
   - more readable error messages
   - awall dump command facilitates debugging policy definitions
   - more information shown by awall list with the --all option
   - more reliable fallback when activation fails
   - --force option for awall activate (no interactive confirmation
     required)
   - command for flushing all iptables rules (awall flush)

* policy syntax improvements:
   - port ranges in service definitions
   - empty zones (useful with variables)
   - simplified syntax for flow/connection limits
   - private policy files (not shown by awall list)

For more information about awall's new features, please refer to the
user's guide:

http://wiki.alpinelinux.org/wiki/Alpine_Wall_User%27s_Guide

BR,
Kaarle


Received on Tue Apr 16 2013 - 15:09:58 UTC