On 2/20/19 3:40 PM, Simon Hobson wrote:
> Erich Titl <erich.t...@think.ch> wrote:
>
>> But back to shorewall, do you see any way
>> your work could be carried on?
> One of the issues is that iptables is being deprecated. AIUI, it's already to
> the stage where nft must be installed and ipt cmd line tools are being
> relabelled *-legacy - and they call translation tools to translate ipt calls
> into nft. Or something like that.
> There's also the bpf package that looks like it might be better - but it's
> only at an early stage.
>
> Whatever happens, Shorewall as it is now will be obsolete. It would need
> someone with a good skill set (which rules me out) to determine which parts
> can be re-used, and to write new translators to convert the Shorewall configs
> into whatever packet filtering system ends up becoming "the standard".
>
> So given that there's this huge "end of the line" sign up for iptables based
> tools, seems like a good time for Tom to be stopping the train. He's driven
> it well for a good time - and I think we all agree he has saved us all a heck
> of a lot of pain over the years.

TBH now that Tom's gone I'm looking at a Next-gen firewall <https://en.wikipedia.org/wiki/Next-generation_firewall> like SecurityOnion. Other suggestions welcomed.

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users