On Sat, Apr 23, 2005 at 05:38:09PM +0200, Hans Spaans wrote: > Wesley J. Landaker wrote: > > > 2) Are there any packages currently in Debian that support making IPv6 > > firewalls? (For IPv4, I am currently using firehol; I have used shorewall > > in the past (I've heard of, but no little about 6wall); I'm not an iptables > > expert, but I roughly know how to make it work). > > [2]Fwbuilder may support ipv6 now, but I'm not sure. But then again, > when you know iptables you can learn ip6tables pretty quickly by > understanding how ipv6 works. > As the maintainer for Fwbuilder, I can say that Fwbuilder does not at this time support IPv6 firewalling. I've discussed the issue with Vadim Kurland, the upstream author, on several occassions and he's said it's on the idea board but no plan as to implementation yet. The good news is that the way Fwbuilder is currently written IPv4 support is a separate object so in theory adding an IPv6 object and the support needed to the include it should be relatively easy. I've looked at preparing a patch to include IPv6 support but haven't have the time myself. If someone else has more time might look into developing a patch. I know Vadim is fairly responsive to patches I've made for the Debian packaging as not one has been denied to date. I would actually start looking in libfwbuilder under src/fwbuilder/IPv4.{cpp,h} for examples of how he implemented the IPv4 address objects and then in libfwbuilder2 under src/gui/IPv4*.{cpp,h} to see how he handles the dialogs relating to it. Then it's a matter of going into fwbuilder2/src/ipt and working the IPv6 objects into the policy compiler output. Also would need to look at how he has the iptables preferences setup to duplicate and modify for ip6tables. Regards, Jeremy
Attachment:
signature.asc
Description: Digital signature