On Nov 7 2007 13:24, Peter Warasin wrote:
>Jan Engelhardt wrote:
>> On Nov 5 2007 01:13, Peter Warasin wrote:
>>> Most firewall scripts (for example fwbuilder, shorewall, firehole,
>>> etc..) work always this way:
>> fwbuilder uses (can use) iptables-save.
>
>I see, cool! I missed that one the last time I tried.
>Think I should give it another try.
>
>On the other hand it's a compiler, which rebuilds from scratch, isn't it?

Yes, like most other compilers (e.g. C/C++) do, it turns a list of
"GUI rules" into implementation-specific (e.g. iptables) commands.
I would not even see why it would have to use iptables-edit (not that
it would be useless, but translators do not need it).

>Another advantage (can also be a disadvantage) is that iptables-edit
>doesn't rebuild the entire firewall ruleset from scratch, so one can have
>its manually added iptables rules which then do not disappear after
>next iptables-restore.

GUI progs generally do not support modifying a "running table" (the one
the kernel uses), exactly because you do not know which rules are
automatically generated and which are not. Which is why you will have
to add your custom rules inside the GUI.
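
The point above about manually added rules disappearing on the next iptables-restore, as an added example that is not part of the original message or of any tool named in it: the Python below compares a running ruleset with a compiler-generated one and lists the rules a plain restore would remove. Both rulesets are constructed sample data, and the comparison is textual, so it assumes both are in iptables-save format.

```python
import re

COUNTERS = re.compile(r"^\[\d+:\d+\]\s+")  # prefix written by `iptables-save -c`

def parse_save(text):
    """Map each table name to its ordered list of '-A ...' rule lines."""
    tables, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            current = line[1:]
            tables[current] = []
        elif line == "COMMIT":
            current = None
        elif current is not None:
            rule = COUNTERS.sub("", line)
            if rule.startswith("-A "):  # skips ':CHAIN policy' lines and comments
                tables[current].append(rule)
    return tables

def dropped_by_restore(running, generated):
    """Rules live in the kernel that a plain iptables-restore of `generated` removes."""
    gen, dropped = parse_save(generated), []
    for table, rules in parse_save(running).items():
        if table not in gen:
            continue  # restore only flushes the tables named in its input
        dropped += [(table, r) for r in rules if r not in gen[table]]
    return dropped

# Constructed sample: output of a hypothetical rule compiler.
GENERATED = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
# Constructed sample: `iptables-save -c` of the running tables after manual edits.
RUNNING = """\
*mangle
[0:0] -A PREROUTING -p tcp -m tcp --dport 22 -j MARK --set-xmark 0x1/0xffffffff
COMMIT
*filter
:INPUT DROP [14:840]
:OUTPUT ACCEPT [90:7200]
[5:300] -A INPUT -i lo -j ACCEPT
[7:420] -A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 8080 -j ACCEPT
[31:1860] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
```

The manual rule in the mangle table is not reported because the generated file never names that table, so a restore leaves it untouched; only the hand-added filter rule is listed.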