shorewall: init at 5.2.3.3 #46131
@GrahamcOfBorg build shorewall
pkgs/top-level/all-packages.nix
Outdated
shorewall = callPackage ../tools/networking/shorewall { | ||
# For the `logger' command, we can use either `utillinux' or | ||
# GNU Inetutils. The latter is more portable. | ||
logger = if stdenv.isLinux then utillinux else inetutils; |
Since this package depends on iptables it will not run on any other platform.
@GrahamcOfBorg build shorewall
Address other comments, please.
Why are there two versions for ipv4/ipv6? I'd think these can be combined into a single package
Yeah unless there's a good reason I'd like to have just a single derivation for them. I can't make any sense of them being different
Hi, nice work here! I would like to use this, what is keeping it back?
@GrahamcOfBorg build shorewall
nixos/shorewall: init
@GrahamcOfBorg build shorewall
I squashed the commits, fixed up a reference to IPv4 and changed it to use pname instead of baseName
aarch64-linux ofborg build was successful, I built locally on x86_64 NixOS and it won't need to build on darwin, so I'm going to merge this.
Motivation for this change
The Shoreline Firewall is a great firewall based upon Linux's Netfilter: "Shorewall is not the easiest to use of the available iptables configuration tools but I believe that it is the most flexible and powerful."
Things done
sandbox in nix.conf on non-NixOS)
NOTE: only tested manually with a very basic setup.
nix-shell -p nox --run "nox-review wip"
./result/bin/)
nix path-info -S before and after)
FIXME: maintainers field not set so far.
FIXME
A lot of collision between happen between the share/shorewall from the shorewall package and the share/shorewall from the shorewall6 package.
No idea if this is that bad, nor how to fix this. Maybe there is a cleaner way to let shorewall reuse shorewall-core, and likewise to let shorewall6 reuse both of them. Currently the installPhases do cp -r -s ${shorewall-core} $out or cp -r -s ${shorewall}/share/shorewall $out/share/.