Ticket #155 (new defect)
Opened 18 months ago
Last modified 16 months ago
iptables / ipset
| Reported by: | xenoterracide@gmail.com | Owned by: | roy |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | rc | Version: | 0.4 |
| Keywords: | Cc: |
Description
http://bugs.gentoo.org/show_bug.cgi?id=181045
I realize that ipset may not be anywhere even in the todo list for openrc and that it wouldn't be part of openrc. Creating a script for it has been... significantly painful since iptables doesn't require unless ipset rules are in place, then it requires it.
just thought that maybe you'd be interested in helping out, or perhaps openrc could somehow improve the framework to make this particular problem easier to handle.
Change History
comment:1 Changed 16 months ago by roy
comment:2 in reply to: ↑ description Changed 16 months ago by piavka@cs.bgu.ac.il
Replying to xenoterracide@…:
http://bugs.gentoo.org/show_bug.cgi?id=181045
I realize that ipset may not be anywhere even in the todo list for openrc and that it wouldn't be part of openrc. Creating a script for it has been... significantly painful since iptables doesn't require unless ipset rules are in place, then it requires it.
just thought that maybe you'd be interested in helping out, or perhaps openrc could somehow improve the framework to make this particular problem easier to handle.
Isn't it better just to put everything iptables, ipset related in /etc/conf.d/net
postup/preup/postdow/predown hooks?
I never use /etc/init.d/iptables since having the iptables,ipset,ebtables,tc staff in /etc/conf.d/net gives much more grained control based on status of each spearate interface
in the system.
comment:3 follow-up: ↓ 4 Changed 16 months ago by xenoterracide@gmail.com
possibly... that works now? never heard of that. perhaps all of this should be moved into 'networking' when roy starts his overhall on that.
comment:4 in reply to: ↑ 3 Changed 16 months ago by roy
Replying to xenoterracide@…:
possibly... that works now? never heard of that. perhaps all of this should be moved into 'networking' when roy starts his overhall on that.
The main overhaul bit for OpenRC is alread done .... it's just a simple command runner built aronund ifconfig/route/ip. It is incredibly simple in concept and very fast. It works very well on the BSD platforms because their ifconfig command is very powerful. In this regard, Linux ifconfig and ip are very weak but I aim to improve this - by providing a powerful ifconfig tool for Linux
However, it will not help this issue one little bit.
I'm not sure what, if anything, to do about this.