On 2/20/19 3:40 PM, Simon Hobson wrote:
> Erich Titl <erich.t...@think.ch> wrote:
>
>> But back to shorewall, do you see any way
>> your work could be carried on?
> One of the issues is that iptables is being deprecated. AIUI, it's already to 
> the stage where nft must be installed and ipt cmd line tools are being 
> relabelled *-legacy - and they call translation tools to translate ipt calls 
> into nft. Or something like that.
> There's also the bpf package that looks like it might be better - but it's 
> only at an early stage.
>
> Whatever happens, Shorewall as it is now will be obsolete. It would need 
> someone with a good skill set (which rules me out) to determine which parts 
> can be re-used, and to write new translators to convert the Shorewall configs 
> into whatever packet filtering system ends up becoming "the standard".
>
> So given that there's this huge "end of the line" sign up for iptables based 
> tools, seems like a good time for Tom to be stopping the train. He's driven 
> it well for a good time - and I think we all agree he has saved us all a heck 
> of a lot of pain over the years.

TBH now that Tom's gone I'm looking at a Next-gen firewall
<https://en.wikipedia.org/wiki/Next-generation_firewall> like SecurityOnion.

Other suggestions welcomed.


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
