Hello,
Here is a short summary of my recent work on Alpine Wall (awall). It
is now at version 0.3.0. In addition to various bug fixes, awall has
gained a lot of new features since the last development update.
* iptables feature support:
  - packet marking, including route tracking
  - MSS clamping
  - transparent proxying
  - tarpit action (requires xtables-addons)
  - configurable packet logging
  - improved support for ipsets
* other features:
  - stateless operation: rules for the reverse direction and disabling
    connection tracking generated automatically
  - secure use of connection tracking helpers, see
    https://home.regit.org/netfilter-en/secure-use-of-helpers/
  - support for intra-zone routing
* usability:
  - more readable error messages
  - awall dump command facilitates debugging policy definitions
  - more information shown by awall list with the --all option
  - more reliable fallback when activation fails
  - --force option for awall activate (no interactive confirmation
    required)
  - command for flushing all iptables rules (awall flush)
* policy syntax improvements:
  - port ranges in service definitions
  - empty zones (useful with variables)
  - simplified syntax for flow/connection limits
  - private policy files (not shown by awall list)
For more information about awall's new features, please refer to the
user's guide:
http://wiki.alpinelinux.org/wiki/Alpine_Wall_User%27s_Guide
BR,
Kaarle