GNU bug report logs - #32465
Add iptables service

Package: guix-patches;

Reported by: Arun Isaac <arunisaac <at> systemreboot.net>

Date: Fri, 17 Aug 2018 11:25:02 UTC

Severity: normal

Done: Arun Isaac <arunisaac <at> systemreboot.net>

Bug is archived. No further changes may be made.


From: ludo <at> gnu.org (Ludovic Courtès)
To: Arun Isaac <arunisaac <at> systemreboot.net>
Cc: 32465 <at> debbugs.gnu.org, Julien Lepiller <julien <at> lepiller.eu>
Subject: [bug#32465] Add iptables service
Date: Mon, 10 Sep 2018 14:51:58 +0200
Hello,

Arun Isaac <arunisaac <at> systemreboot.net> wrote:

>> it's not directly an answer to arun's patch (it is great), but I 
>> recently came across firemason 
>> (http://www.cs.yale.edu/homes/zhai-ennan/firemason.pdf and 
>> https://github.com/BillHallahan/FireMason) and I thought we could 
>> implement something similar.
>
> This sounds interesting. I'll read about it, and if I can, try to
> implement something similar for Guix.

Agreed, it looks nice.

>> Of course, we should provide a mechanism to load files as a fallback, in 
>> which case additional rules from services should be ignored.
>
> Yes, I think this iptables service should exist independently as a
> fallback. So, I'll finish and push these services before studying
> firemason.

The nice thing is that we could detect conflicting iptables rules
statically if we wanted to: ‘guix system reconfigure’ would proceed if
and only if there are no conflicting rules.  I don’t know how difficult
and how annoying that could be, but it might be worth considering (as
future work…).

Thanks,
Ludo’.
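A minimal static check of the kind Ludo’ sketches above, as an added example (not Guix code, and not FireMason): a later rule is reported as shadowed when an earlier rule in the same chain already decides every packet it would match, but with a different terminating target. The `-A CHAIN ... -j TARGET` input syntax, the subset-of-matches comparison and the sample rules are assumptions of this example.

```python
"""Static shadowing check for iptables rules (added example, not Guix code).
A later rule is dead when an earlier rule in the same chain has a terminating
target, matches at least every packet the later one matches (exact option/value
pairs; ranges and prefixes are not reasoned about) and jumps elsewhere."""
import shlex

TERMINATING = {"ACCEPT", "DROP", "REJECT", "RETURN"}

def parse_rule(line):
    """Parse '-A CHAIN <matches> -j TARGET'; every option is assumed to take one value."""
    toks = shlex.split(line)
    chain = target = None
    matches = {}
    for opt, val in zip(toks[::2], toks[1::2]):
        if opt == "-A":
            chain = val
        elif opt == "-j":
            target = val
        else:
            matches[opt] = val  # e.g. '-p': 'tcp', '--dport': '22'
    if chain is None or target is None:
        raise ValueError(f"not an append rule with a target: {line!r}")
    return chain, frozenset(matches.items()), target

def shadowed(rules):
    """Return (earlier, later) index pairs where the later rule can never fire."""
    parsed = [parse_rule(r) for r in rules]
    conflicts = []
    for j, (chain, match, target) in enumerate(parsed):
        for i, (chain_a, match_a, target_a) in enumerate(parsed[:j]):
            if (chain_a == chain and target_a in TERMINATING
                    and match_a <= match and target_a != target):
                conflicts.append((i, j))
                break  # one shadowing rule is enough to report
    return conflicts

def may_reconfigure(rules):
    """The gate proposed in the message: proceed only when nothing is shadowed."""
    return not shadowed(rules)

# Constructed sample, as two services might each contribute rules to INPUT.
SAMPLE_RULES = [
    "-A INPUT -i lo -j ACCEPT",
    "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT",
    "-A INPUT -p tcp -j LOG",                     # LOG does not terminate
    "-A INPUT -p tcp -m tcp --dport 22 -j DROP",  # dead: shadowed by rule 1
    "-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT",
    "-A FORWARD -j DROP",
    "-A FORWARD -p udp -j ACCEPT",                # dead: shadowed by rule 5
]
```

Redundant rules (same target, more general earlier rule) are deliberately not reported, since they are harmless; a real implementation would also need to understand port ranges, address prefixes and negated matches before it could refuse a reconfigure.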



