[alpine-devel] Alpine Wall development update

Kaarle Ritvanen

Here is a short summary of my recent work on Alpine Wall (awall). It
is now at version 0.3.0. In addition to various bug fixes, awall has
gained a lot of new features since the last development update.

* iptables feature support:
   - packet marking, including route tracking
   - MSS clamping
   - transparent proxying
   - tarpit action (requires xtables-addons)
   - configurable packet logging
   - improved support for ipsets

* other features:
   - stateless operation: rules for the reverse direction and disabling
     connection tracking generated automatically
   - secure use of connection tracking helpers, see
   - support for intra-zone routing

* usability:
   - more readable error messages
   - awall dump command facilitates debugging policy definitions
   - more information shown by awall list with the --all option
   - more reliable fallback when activation fails
   - --force option for awall activate (no interactive confirmation)
   - command for flushing all iptables rules (awall flush)

* policy syntax improvements:
   - port ranges in service definitions
   - empty zones (useful with variables)
   - simplified syntax for flow/connection limits
   - private policy files (not shown by awall list)

For more information about awall's new features, please refer to the
user's guide:


