Le Dimanche 16 Février 2003 13:00, vous avez écrit : Hi Eric: Shorewall is indeed a key element of Bering. When I started the work on Bering (back in November 2001) I was having the following ideas in mind: - get rid of D. Cinege's LRP kernel patches which were unecessary and made it difficult to follow kernel development - do not reengineer the wheel, that is rely on existing well documented and well supported software. That is why I have chosen Shorewall for the firewall part of Bering from the very begining and that is also why I have been trying to stick as much as I can to the Debian standards - try to write a good documentation (that is probably one of the first reason why Bering has been catching-up rather quickly) Tom has released Shorewall 1.3.14 that will be the last version of Shorewall using ash. I am about to release Bering 1.1 that will be 2.4.20 kernel based and will be using Shorewall 1.3.14. Bering appears fairly stable for the time being and I do not have further plans in mind at this stage. Possible scenarios are: 1/ Bering sticks to Shorewall 1.x if someone takes over Tom the maintenance of this version 2/ Bering switches to the new 2.0 version of Shorewall as soon it will be available: it will probably imply to get rid of the single floppy router concept and use either a two floppies or a CD-rom approach. In which case I would also switch to 2.2.5 libc. That is at this stage what I would personally favour 3/ Switch to another firewall package. The modular design of Bering makes it very easy to use another iptable based firewall.
As far as you idea is concerned I think that if you succeed to extend Shorewall with IPv6 capabilities that would be definitly a vey attractive approach. Otherwise it may be simpler to offer, as an alternative package to Shorewall, an IPv6 firewall. Jacques > Hi Jacques, > > As you may have noticed from the leaf-user list I've been working on IPv6 > with Bering. I now have ip6tables working with uClibc and want to start > with IPv6 firewalling. On eof the options is to write a set of ip6tables > rules (the Dachstein-way) or to use some kind of wrap around ip6tables, > like Shorewall. > > My personal preference would be to extend Shorewall with IPv6 filtrering > capabilities, but I recently read on one of the leaf mailing lists that Tom > Eastep will be moving to a newer release of Shorewall which may not be > suitable for LEAF anymore. > > Before I start hacking away to extend Shorewall with IPv6 capabilities I > would like so hear from you about future plans for Bering and Shorewall. I > recently joined the Bering-uClibc team and this work may end up in some > future release of Bering-uClibc so I don't want to head off in a totally > different way than Bering is. > > Any feedback from you is very welcome. > > - Eric. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
