Date: Tue, 16 Apr 2013 15:09:58 +0300 (EEST)
From: Kaarle Ritvanen
To: alpine-devel@lists.alpinelinux.org
Subject: [alpine-devel] Alpine Wall development update

Hello,

Here is a short summary of my recent work on Alpine Wall (awall). It is now at version 0.3.0. In addition to various bug fixes, awall has gained a lot of new features since the last development update.

* iptables feature support:
  - packet marking, including route tracking
  - MSS clamping
  - transparent proxying
  - tarpit action (requires xtables-addons)
  - configurable packet logging
  - improved support for ipsets

* other features:
  - stateless operation: rules for the reverse direction and disabling
    connection tracking generated automatically
  - secure use of connection tracking helpers, see
    https://home.regit.org/netfilter-en/secure-use-of-helpers/
  - support for intra-zone routing

* usability:
  - more readable error messages
  - awall dump command facilitates debugging policy definitions
  - more information shown by awall list with the --all option
  - more reliable fallback when activation fails
  - --force option for awall activate (no interactive confirmation
    required)
  - command for flushing all iptables rules (awall flush)

* policy syntax improvements:
  - port ranges in service definitions
  - empty zones (useful with variables)
  - simplified syntax for flow/connection limits
  - private policy files (not shown by awall list)

For more information about awall's new features, please refer to the user's guide:

http://wiki.alpinelinux.org/wiki/Alpine_Wall_User%27s_Guide

BR,
Kaarle