On Sat, Apr 23, 2005 at 05:38:09PM +0200, Hans Spaans wrote:
> Wesley J. Landaker wrote:
>
> > 2) Are there any packages currently in Debian that support making IPv6
> > firewalls? (For IPv4, I am currently using firehol; I have used shorewall
> > in the past (I've heard of, but no little about 6wall); I'm not an iptables
> > expert, but I roughly know how to make it work).
>
> [2]Fwbuilder may support ipv6 now, but I'm not sure. But then again,
> when you know iptables you can learn ip6tables pretty quickly by
> understanding how ipv6 works.
>
As the maintainer for Fwbuilder, I can say that Fwbuilder does
not at this time support IPv6 firewalling. I've discussed the issue with
Vadim Kurland, the upstream author, on several occassions and he's said
it's on the idea board but no plan as to implementation yet. The good
news is that the way Fwbuilder is currently written IPv4 support is a
separate object so in theory adding an IPv6 object and the support
needed to the include it should be relatively easy. I've looked at
preparing a patch to include IPv6 support but haven't have the time
myself.
If someone else has more time might look into developing a
patch. I know Vadim is fairly responsive to patches I've made for the
Debian packaging as not one has been denied to date. I would actually
start looking in libfwbuilder under src/fwbuilder/IPv4.{cpp,h} for
examples of how he implemented the IPv4 address objects and then in
libfwbuilder2 under src/gui/IPv4*.{cpp,h} to see how he handles the
dialogs relating to it. Then it's a matter of going into
fwbuilder2/src/ipt and working the IPv6 objects into the policy compiler
output. Also would need to look at how he has the iptables preferences
setup to duplicate and modify for ip6tables.
Regards,
Jeremy
Attachment:
signature.asc
Description: Digital signature