[alpine-devel] Alpine Wall development update

Kaarle Ritvanen
Message ID: <alpine.LFD.2.03.1304161507490.27010@kunkku.net>
Sender timestamp: 1366114198
DKIM signature: missing

Hello,

Here is a short summary of my recent work on Alpine Wall (awall). It
is now at version 0.3.0. In addition to various bug fixes, awall has
gained a lot of new features since the last development update.

* iptables feature support:
   - packet marking, including route tracking
   - MSS clamping
   - transparent proxying
   - tarpit action (requires xtables-addons)
   - configurable packet logging
   - improved support for ipsets

* other features:
   - stateless operation: rules for the reverse direction and disabling
     connection tracking generated automatically
   - secure use of connection tracking helpers, see
     https://home.regit.org/netfilter-en/secure-use-of-helpers/
   - support for intra-zone routing

* usability:
   - more readable error messages
   - awall dump command facilitates debugging policy definitions
   - more information shown by awall list with the --all option
   - more reliable fallback when activation fails
   - --force option for awall activate (no interactive confirmation
     required)
   - command for flushing all iptables rules (awall flush)

* policy syntax improvements:
   - port ranges in service definitions
   - empty zones (useful with variables)
   - simplified syntax for flow/connection limits
   - private policy files (not shown by awall list)

For more information about awall's new features, please refer to the
user's guide:

http://wiki.alpinelinux.org/wiki/Alpine_Wall_User%27s_Guide

BR,
Kaarle

