There is a new version of net-firewall/arno-iptables-firewall out. Also the homepage has changed. Old and BAD: http://rocky.molphys.leidenuniv.nl/ New and GOOD: http://rocky.eld.leidenuniv.nl/joomla/ Regards Reproducible: Always
Thanks for the version bump notice. Assigning to maintainer
Yeah, I bumped into the wrong homepage problem, too, and was just about to file a bug.
Would like to add to the request for a version bump. Version 2.0.0 final/stable has been released: http://rocky.eld.leidenuniv.nl/pipermail/firewall/2010-November/001812.html (see also http://rocky.eld.leidenuniv.nl/joomla/ )
Version 2.0.0a, minor bugfix release: http://rocky.eld.leidenuniv.nl/pipermail/firewall/2010-December/001835.html
Created attachment 259129: Raw ebuild attempt for arno-iptables-firewall-2.0.0a
Raw ebuild attempt for arno-iptables-firewall-2.0.0a based on arno-iptables-firewall-1.9.2d. Changes compared to original ebuild:
- Updated homepage
- Added dependency on iproute2, current stable version
Tested on Hardened Gentoo amd64, works without problems. Might be better with some kernel checks in the ebuild though. In the past I encountered several "No chain/target/match by that name"-errors, last time due to having CONFIG_NETFILTER_XT_TARGET_DSCP unset.
*** Bug 380543 has been marked as a duplicate of this bug. ***
Please update the version in the Summary field instead of filing new bug reports.
Created attachment 284721: arno-iptables-firewall-2.0.0b.ebuild
Forgot to add iproute, both iptables and iproute should be RDEPS..
Created attachment 284723: arno-iptables-firewall-2.0.0b.ebuild. Fixed RDEPs
2.0.1 ("stable") was released a couple of days ago.
*** Bug 382205 has been marked as a duplicate of this bug. ***
Is anybody willing to proxy maintain this orphan package? http://www.gentoo.org/proj/en/qa/proxy-maintainers/index.xml
(In reply to comment #13)
> Is anybody willing to proxy maintain this orphan package?
> http://www.gentoo.org/proj/en/qa/proxy-maintainers/index.xml
ping! ;)
Current version is at 2.0.1b if I grok correctly. My prior experience is with ipchains. Living behind a router I just pretty much have been doing without a firewall for years. I will get back to you on the proxy maintainer if no one else takes the job soon. I have the intention to set up a server in a dmz and the hardware is in place and gentoo hardened installed. Not an ideal setup for the job, should likely be someone who is able to make a box that tests all phases such as NAT et cetera. Would rather see someone else step up though.
Hi, Would it be possible to add this version to portage? The latest available package net-firewall/arno-iptables-firewall-1.9.2d has a problem with the latest stable net-firewall/iptables-1.4.16.3, because the former is still using '-m state --state' instead of '-m conntrack --ctstate' in some of its rules (e.g. for -m state --state ESTABLISHED). These warnings are printed on the console when running /etc/init.d/arno-iptables-firewall restart:
================================
Setting up OUTPUT policy for the external net (INET):
Allowing all (other) ports/protocols
Applying INET policy to external interface: eth0 (without an external subnet specified)
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
================================
--
Regards, Mick
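The warning in the comment above comes from rules that still use the state match. As an added example (not part of the original thread and not code from arno-iptables-firewall), the shell functions below count such rules in iptables-save style text and rewrite them to the conntrack form; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit and migrate obsolete "-m state --state" matches.
# SAMPLE_RULES is a constructed ruleset in iptables-save style, not taken
# from arno-iptables-firewall.
SAMPLE_RULES='-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A OUTPUT --match state ! --state INVALID -j ACCEPT
-A INPUT -m comment --comment "state table" -j LOG'

# Print the number of rules on stdin that still load the state match.
# The pattern requires "-m"/"--match" as its own word, so a comment that
# merely contains the word "state" is not counted.
count_obsolete() {
    grep -Ec -- '(^|[[:space:]])(-m|--match)[[:space:]]+state[[:space:]]' || true
}

# Rewrite "-m state [!] --state X" to "-m conntrack [!] --ctstate X".
# The state names (NEW, ESTABLISHED, RELATED, INVALID, UNTRACKED) are
# accepted unchanged by --ctstate, so only the match and option names change.
migrate_state_match() {
    sed -E 's/(^|[[:space:]])(-m|--match)[[:space:]]+state([[:space:]]+!)?[[:space:]]+--state[[:space:]]+/\1\2 conntrack\3 --ctstate /g'
}

# Show the migrated ruleset, then how many rules still need manual review
# (for example when other options sit between "-m state" and "--state").
printf '%s\n' "$SAMPLE_RULES" | migrate_state_match
printf 'rules still using the state match: %s\n' \
    "$(printf '%s\n' "$SAMPLE_RULES" | migrate_state_match | count_obsolete)"
```

Diff the migrated ruleset against the original before loading it, so the only changes are the match and option names.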
Bumped in 447386 *** This bug has been marked as a duplicate of bug 447386 ***