Brian J. Murrell
2009-May-08 13:55 UTC
shorewall and shorewall6 managed completely separately?
Hi, It seems so, but I just wanted to confirm before I dive into Shorewall6... on a given firewall, where I have both IPv4 and IPv6, I manage the shorewall configurations for each of those completely separately and install the rulesets entirely separately with their respective tools? I''m not (yet) sure how much overlap there may or may not be between my v4 and v6 configurations and rules, but it seems at first glance that there must be at least some overlap. Are there any plans to try to roll both the v4 and v6 tools and configurations into a single package, set of tools and configuration? Cheers, b. ------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there''s a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you''ll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com
Tom Eastep
2009-May-08 17:19 UTC
Re: shorewall and shorewall6 managed completely separately?
Brian J. Murrell wrote:> Hi, > > It seems so, but I just wanted to confirm before I dive into > Shorewall6... on a given firewall, where I have both IPv4 and IPv6, I > manage the shorewall configurations for each of those completely > separately and install the rulesets entirely separately with their > respective tools?Brian, Have you read http://www.shorewall.net/IPv6Support.html#id259611 entitled "IPv4/IPv6 Interaction"?> > I''m not (yet) sure how much overlap there may or may not be between my > v4 and v6 configurations and rules, but it seems at first glance that > there must be at least some overlap. Are there any plans to try to roll > both the v4 and v6 tools and configurations into a single package, set > of tools and configuration?If and when I decide to write a Shorewall-like package based on nftables, it will probably support both in a single configuration. That certainly won''t happen before I retire though, and, given the state of my 401k, that won''t be any time soon. -Tom ------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there''s a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you''ll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com