On Mon, 03 Feb 2025 17:38:34 -0500 "Brian J. Murrell" <br...@interlinx.bc.ca> wrote:
> On Mon, 2025-02-03 at 23:06 +0200, Tuomo Soini via Shorewall-users > wrote: > > > > That way you unfortunately loose all dynamic firewall changes like > > dns > > resolving. > > Can you expand on that? How does foomuuri utilize DNS in it's rules? > Is it simply resolving names to IP addresses at rule generation time > or is it more sophisticated than that? You said "dynamic" so I am > suspecting it's more sophisticated than that. https://github.com/FoobarOy/foomuuri/wiki/Configuration#resolve > > It is easy to manage firewall rules with ansible or similar. > > I think ansible is pretty heavy (python) for embedded platforms. You don't run ansible on target systems, usually. > Does foomuuri transparently handle the need for IPv4 [D]NAT (to > traverse into a NATted network) along with it's single IPv4/IPv6 > configuration syntax? If you define masquerade only for ipv4 addresses, it is only for ipv4. https://github.com/FoobarOy/foomuuri/wiki/Configuration#snat -- Tuomo Soini <t...@foobar.fi> Foobar Linux services +358 40 5240030 Foobar Oy <https://foobar.fi/> _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users