* [jasan@x31.com: Netfilter FAQ patch]
@ 2007-06-04 7:15 Harald Welte
2007-06-04 10:41 ` Pablo Neira Ayuso
0 siblings, 1 reply; 4+ messages in thread
From: Harald Welte @ 2007-06-04 7:15 UTC (permalink / raw)
To: netfilter-devel
[-- Attachment #1.1: Type: text/plain, Size: 373 bytes --]
--
- Harald Welte <laforge@netfilter.org> http://netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
[-- Attachment #1.2: Type: message/rfc822, Size: 4771 bytes --]
[-- Attachment #1.2.1.1: Type: text/plain, Size: 325 bytes --]
Hello Harald,
I'd like to submit a patch changing a few IMHO important sections of
the FAQ. I think there are still many old sections which no-one
should be interested in anymore. It could be useful to just keep
the older revision available and cleanse the current one (I would
gladly do it).
With nice regards
Jasan
[-- Attachment #1.2.1.2: netfilter-faq-patch-20070601-jasan.diff --]
[-- Type: text/plain, Size: 3049 bytes --]
--- netfilter-faq.sgml 2007-06-01 10:50:36.000000000 +0200
+++ netfilter-faq-new.sgml 2007-06-01 10:50:15.000000000 +0200
@@ -4,7 +4,7 @@
<title>netfilter/iptables FAQ</title>
<author>Harald Welte <laforge@gnumonks.org></author>
-<date>Version $Revision: 1.44 $, $Date: 2003/10/16 08:10:59 $</date>
+<date>Version $Revision: 1.50 $, $Date: 2007/06/01 12:10:59 $</date>
<abstract>
This document contains the Frequently Asked Questions as encountered on the
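Review bot: the `$Revision: ... $` and `$Date: ... $` strings on the `<date>` line are version-control keyword expansions, which the repository normally rewrites itself on commit. Bumping them by hand from 1.44 to 1.50 makes this hunk conflict with any working copy whose revision differs, so drop the hunk and let the commit update the line.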
@@ -21,16 +21,14 @@
<sect1>Where can I get netfilter/iptables?
<p>
-Netfilter and IPtables are integrated in the Linux 2.4.x kernel series.
+Netfilter and IPtables are integrated in the Linux kernel since 2.4.x series.
Please obtain a recent kernel from <url url="http://www.kernel.org/"> or
one of its mirrors.
<p>
-The userspace tool 'iptables' is available at the netfilter homepage on one of the mirrors at
+The userspace tools 'iptables' and 'ip6tables' are available at the netfilter homepage on one of the mirrors at
<url url="http://www.netfilter.org/">,
-<url url="http://www.iptables.org/">,
-<url url="http://netfilter.samba.org/">,
-<url url="http://netfilter.gnumonks.org/"> or
-<url url="http://netfilter.filewatcher.org/">.
+<url url="http://www.iptables.org/"> or
+<url url="http://netfilter.samba.org/">.
</sect1>
<sect1>Is there a backport of netfilter to Linux 2.2?
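Review bot: the mirror list loses netfilter.gnumonks.org and netfilter.filewatcher.org with no reason given in the submission. Since readers fetch the firewall tools from these links, say whether the dropped hosts are gone and confirm that the remaining ones are still under the project's control. On wording, "integrated in the Linux kernel since 2.4.x series" needs an article ("since the 2.4 series"), and "at the netfilter homepage on one of the mirrors at" reads as if "or" is missing between "homepage" and "on".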
@@ -133,21 +131,15 @@
an IETF MIDCOM working group has been founded, ... meanwhile, people want to
use SIP.
<p>
-The netfilter/iptables team has currently no resources to implement SIP
-conntrack/NAT support, but we're always open for sponsors :)
+Currently there is implementation for tracking SIP which consists of
+modules nf_conntrack_sip and nf_nat_sip.
</sect1>
<sect1>Does netfilter/iptables support failover/HA?
<p>
-The answer is a clear 'yes' and 'no'.
-<p>
If you are thinking about a full failover, while all the state
-information is preserved: <bf>Not really</bf>. Doing state synchronization
-between multiple nodes is a difficult process. Harald (of the netfilter core
-team) has published a paper about this, but not yet found any sponsor to fund
-the development. Meanwhile, you can try to use our 'connection pickup'
-feature, which [after a failover] tries to pick up already established
-connections: <bf>Might be sufficient depending on the requirements</bf>.
+information is preserved, you have to use <bf>conntrack-tools</bf>
+from <url url="http://people.netfilter.org/pablo/conntrack-tools/">.
<p>If you do NAT and want to preserve your NAT mappings: <bf>No</bf>.
<p>If you do statless packet filtering: <bf>Yes</bf>
</sect1>
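Review bot: in the failover section the new text says full state-preserving failover requires conntrack-tools, but the unchanged lines right after it still answer "No" for preserving NAT mappings and still contain the typo "statless". Check whether the NAT answer remains correct alongside the new sentence and fix the typo in the same patch. In the SIP section, "Currently there is implementation" should read "there is an implementation", and it would help to name the kernel version that first ships nf_conntrack_sip and nf_nat_sip, so readers on older kernels know the old answer still applies to them.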
@@ -290,9 +282,8 @@
code
<p>
So you want to build a completely transparent firewall? Great idea!
-As of kernel 2.4.16, you still need to patch your kernel with an extra
-patch to get this running. You can find it at
-<url url="http://bridge.sourceforge.net/">.
+In current kernel there is no need to patch anything. You can find more at
+<url url="http://linux-net.osdl.org/index.php/Bridge">.
</sect1>
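Review bot: "In current kernel there is no need to patch anything" replaces a statement tied to a specific version (2.4.16) with one that has no version at all, so it will date as quickly as the text it removes. Name the kernel release from which the bridge support no longer needs an external patch, and use "In current kernels".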
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
* Re: [jasan@x31.com: Netfilter FAQ patch]
2007-06-04 7:15 [jasan@x31.com: Netfilter FAQ patch] Harald Welte
@ 2007-06-04 10:41 ` Pablo Neira Ayuso
2007-06-04 10:44 ` Tarek W.
0 siblings, 1 reply; 4+ messages in thread
From: Pablo Neira Ayuso @ 2007-06-04 10:41 UTC (permalink / raw)
To: netfilter-devel, jasan; +Cc: Harald Welte
Jan wrote:
> I'd like to submit a patch changing a few IMHO important sections of
> the FAQ. I think there are still many old sections which no-one
> should be interested in anymore. It could be useful to just keep
> the older revision available and cleanse the current one (I would
> gladly do it).
Indeed, the FAQ is outdated. We're looking for people interested in
maintaining documentation. Would you be willing to do it? If so, please
make sure you use a recent SVN working copy since your patch didn't
apply cleanly, anyhow I have fixed and applied it.
If you aren't sure about the status of any question, just drop me a line.
Thanks.
--
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris
* Re: [jasan@x31.com: Netfilter FAQ patch]
2007-06-04 10:41 ` Pablo Neira Ayuso
@ 2007-06-04 10:44 ` Tarek W.
2007-06-04 10:52 ` Pablo Neira Ayuso
0 siblings, 1 reply; 4+ messages in thread
From: Tarek W. @ 2007-06-04 10:44 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: Harald Welte, netfilter-devel, jasan
Hi guys,
I ported the FAQ some time ago to Docbook XML as per Harald's request.
You might find it has a cleaner structure and more updated content.
Tarek
On 6/4/07, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> Jan wrote:
> > I'd like to submit a patch changing a few IMHO important sections of
> > the FAQ. I think there are still many old sections which no-one
> > should be interested in anymore. It could be useful to just keep
> > the older revision available and cleanse the current one (I would
> > gladly do it).
>
> Indeed, the FAQ is outdated. We're looking for people interested in
> maintaining documentation. Would you be willing to do it? If so, please
> make sure you use a recent SVN working copy since your patch didn't
> apply cleanly, anyhow I have fixed and applied it.
>
> If you aren't sure about the status of any question, just drop me a line.
>
> Thanks.
>
> --
> The dawn of the fourth age of Linux firewalling is coming; a time of
> great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris
>
>
* Re: [jasan@x31.com: Netfilter FAQ patch]
2007-06-04 10:44 ` Tarek W.
@ 2007-06-04 10:52 ` Pablo Neira Ayuso
0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2007-06-04 10:52 UTC (permalink / raw)
To: Tarek W.; +Cc: Harald Welte, netfilter-devel, jasan
Hi Tarek,
Tarek W. wrote:
> I ported the FAQ some time ago to Docbook XML as per Harald's request.
>
> You might find it has a cleaner structure and more updated content.
Thanks, I didn't notice. Let's use the XML file instead then.
--
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris