David Baron posted on Thu, 28 Jul 2011 23:27:29 +0300 as excerpted: > With the 3.0 kernels, ipchains is no longer supported. Apparently > guarddog used ipchains to run iptables or some such scheme.
Are you sure it was with kernel 3.0? Or was it perhaps with 2.6.39 or something, if you didn't try it? Because Linus' announced policy with 3.0 was that it was just another version and that they were *NOT* taking the opportunity to remove any long deprecated functionality, etc. Plus, they apparently took some pains to ensure that they didn't introduce as many possibly externally disruptive changes (other than the switch to 3.x itself) as usual, as well, so the 3.0 development process was rather calmer than that for many recent kernels... with the exception of a couple rcu bugs found and fixed at the last minute (tho even there, at least one of those was from an earlier kernel, so it wasn't a 3.0 regression they were fixing), that delayed release by about three days. Further, I run git kernels and followed the 3.x development process a bit closer than usual, and didn't see notice any commits mentioning killing ipchains support while reading git whatchanged logs, tho those logs are certainly voluminous enough and I'm inexpert enough that I might well have missed it. OTOH, it could well be that certain long deprecated user-space software (like anything still depending on ipchains?) that was hard-coded for a 2.x kernel was simply dropped, rather than re-coding the hard-coded 2.x assumption. So my question is, are you sure it's due to 3.x dropping ipchains support or was it dropped earlier (say for 2.6.39) and you simply didn't install any kernels since then until 3.0, or is it simply an artifact of already deprecated userspace hardcoding 2.x assumptions, with the software now simply dropped rather than recoding it to allow 3.x kernels too, or ??? And if it is indeed a deliberate drop of functionality within the 3.0 kernel specifically, could you provide a link? Because that's new info to me, and I'd like to be able to authoritatively state it to others should it come up again, in the future. Obviously "because someone claimed it on a list" doesn't fulfill the authoritative requirement, while a link to a statement to that effect by the recognized subsystem maintainer would be rather more impressive, indeed. =:^) > Is there something that I can use now with a comprehensible GUI that > will read the guarrdog iptables rules to start out? (I found fwbuilder > incomprehensible.) FWIW, YMMV, personal experience may differ, etc. However: I never could properly get my head around any of the Linux firewalling software that "made the process easier", myself, but when I finally tried iptables itself (CLI, obviously, non-GUI), I actually found it surprisingly easy to understand and to create rules doing what I needed it to do. So if you're at all comfortable at the CLI, I'd definitely recommend that you consider trying IPTables itself, instead of simply writing it off because you couldn't manage supposedly "easier" IPTables helpers. Of course, if you don't use the command line at all, that's not particularly suited to being the first thing you try, but at least here, with some reasonable command-line experience, iptables itself was easier to grasp than all the supposedly easier "helpers" I tried, for sure, and it may well surprise you how easy it is, if you've tried the others and simply couldn't grok them. I don't claim to be an iptables expert by any means, and I do need to refer to the manpages again when I make anything but trivial changes, but for me it's certainly easier to work with than the supposedly simpler stuff was, for sure, and I get the job done. -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman ___________________________________________________ This message is from the kde-linux mailing list. Account management: https://mail.kde.org/mailman/listinfo/kde-linux. Archives: http://lists.kde.org/. More info: http://www.kde.org/faq.html.
