On Mon, 03 Feb 2025 17:38:34 -0500
"Brian J. Murrell" <br...@interlinx.bc.ca> wrote:

> On Mon, 2025-02-03 at 23:06 +0200, Tuomo Soini via Shorewall-users
> wrote:
> > 
> > That way you unfortunately lose all dynamic firewall changes like dns
> > resolving.
> 
> Can you expand on that?  How does foomuuri utilize DNS in its rules?
> Is it simply resolving names to IP addresses at rule generation time
> or is it more sophisticated than that?  You said "dynamic" so I am
> suspecting it's more sophisticated than that.

https://github.com/FoobarOy/foomuuri/wiki/Configuration#resolve

> > It is easy to manage firewall rules with ansible or similar.  
> 
> I think ansible is pretty heavy (python) for embedded platforms.

You don't run ansible on target systems, usually.

> Does foomuuri transparently handle the need for IPv4 [D]NAT (to
> traverse into a NATted network) along with its single IPv4/IPv6
> configuration syntax?

If you define masquerade only for ipv4 addresses, it is only for ipv4.

https://github.com/FoobarOy/foomuuri/wiki/Configuration#snat


-- 
Tuomo Soini <t...@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
