I have spent the last few weeks polishing Michael and my
Generic IP Firewall chains code & docs, and am now running it on my
production system. I anticipate only minor tweaks from now on. My
exhaustive packet-matching test suite is about half-way through and
has yet to find a flaw.
What:
A replacement for `ipfwadm' and a patch for 2.1.64 or 65.
Why:
o Simpler chain management
o Ability to invert rules
o 64-bit counters on x86
o More flexible packet accounting
o Control over fragments
o Can specify protocols other than ICMP/TCP/UDP.
o Packet `marking' for use with Quality of Service when it
hits the mainstream 2.1 series.
Where:
http://www.adelaide.net.au/~rustcorp/ipfwchains/ipfwchains.html
New:
o I now regard the code as BETA rather than alpha.
o Docs updated, minor bug with reading large chains fixed.
o Now has a (thorough) HOWTO.
o Convenience scripts `ipchains-save' and `ipchains-restore'.
o ipfwadm emulation in alpha test.
Rusty.
PS. ``Go Team Hawes!''
-- .sig lost in the mail.