[Swan] iptables

Nick Howitt nick at howitts.co.uk
Sun Sep 24 10:25:14 EEST 2023


Is this going in slightly the wrong direction? Documenting the variables 
may be a nice idea, but isn't the method of setting them by editing the 
config.mk a bit off? Can't you just do something like:

HAVE_NFTABLES=true make

or

export HAVE_NFTABLES=true
make

On 23/09/2023 15:58, manfred wrote:
> As a suggestion, it may be useful for config.mk to have a comment list 
> of USE_* and HAVE_* variables that may be enabled in the right place.
>
>
> On 9/23/2023 10:50 AM, manfred wrote:
>> mk/defaults/linux.mk has this:
>>
>> ifneq ($(HAVE_NFTABLES), true)
>>    HAVE_IPTABLES ?= true
>> endif
>>
>> So, most likely you have to define:
>>
>> HAVE_NFTABLES ?= true
>>
>> early in config.mk.
>>
>>
>> On 9/23/2023 8:49 AM, Armen Dilanyan wrote:
>>> Can you please specify what needs to be edited in the mk/config.mk 
>>> file?
>>> Remove the lines from the file:
>>> /*-e "s:@HAVE_IPTABLES@:$(HAVE_IPTABLES):g" \*/
>>> and
>>> /*# iptables for CAT, or NFLOG, look, barf, verify*/
>>> /*HAVE_IPTABLES ?= false*/
>>> /*ifeq ($(HAVE_IPTABLES),true)*/
>>> /*USERLAND_CFLAGS += -DHAVE_IPTABLES*/
>>> /*endif*/
>>> 23.09.2023, 18:24, "Paul Wouters" <paul at nohats.ca>:
>>>
>>>     There is an option to build with nftables that can be enabled. See
>>>     mk/config.mk
>>>
>>>     Sent using a virtual keyboard on a phone
>>>
>>>     On Sep 23, 2023, at 05:24, Armen Dilanyan <ad at 2ip.am> wrote:
>>>
>>>           Hello dear community,
>>>
>>>           I would like to discuss an important matter with you.
>>>
>>>           Currently, Libreswan has a dependency on the iptables package.
>>>           However, in recent versions of the GNU/Debian operating system,
>>>           iptables is no longer installed by default, and it has been
>>>           replaced by nftables. The developers of netfilter are planning
>>>           to fully replace iptables with nftables in the future.
>>>           Installing both iptables and nftables simultaneously may not be
>>>           practical.
>>>
>>>           My question is whether Libreswan is considering the
>>>           possibility of removing its dependency on iptables and
>>>           transitioning to using nftables. Is it possible to build the
>>>           Libreswan package from source without the iptables dependency?
>>>
>>>           I appreciate your attention to this matter and look forward to
>>>           hearing your insights.
>>>           _______________________________________________
>>>           Swan mailing list
>>> Swan at lists.libreswan.org <mailto:Swan at lists.libreswan.org>
>>> https://lists.libreswan.org/mailman/listinfo/swan
>>> <https://lists.libreswan.org/mailman/listinfo/swan>
>>>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
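
Added example, not part of the original messages and not Libreswan's own build files: a constructed Makefile that stitches together the two fragments quoted in the thread, showing how GNU make's "?=" resolves HAVE_IPTABLES when HAVE_NFTABLES arrives through the environment, as in "HAVE_NFTABLES=true make". The include order (linux.mk defaults first, then the config.mk lines), the resolve helper and the temporary file are assumptions made for the demonstration; GNU make is required.

```shell
#!/bin/sh
# Constructed stand-in for the fragments quoted in the thread.
demo_mk=$(mktemp)
cat > "$demo_mk" <<'EOF'
# Fragment quoted from mk/defaults/linux.mk
ifneq ($(HAVE_NFTABLES), true)
   HAVE_IPTABLES ?= true
endif

# Fragment quoted from mk/config.mk
HAVE_IPTABLES ?= false
ifeq ($(HAVE_IPTABLES),true)
USERLAND_CFLAGS += -DHAVE_IPTABLES
endif

# Report what the build would see; printed while the makefile is parsed.
$(info iptables=$(HAVE_IPTABLES) cflags=[$(USERLAND_CFLAGS)])
all: ;
EOF

# resolve VAR=value ... : run make with only the given variables in its
# environment and print the resolved settings. "env -i" drops anything the
# calling shell may have exported, so earlier exports cannot leak in.
resolve() {
    env -i PATH="$PATH" "$@" make -s -f "$demo_mk" | grep '^iptables='
}

echo "nothing set:                 $(resolve)"
echo "HAVE_NFTABLES=true in env:   $(resolve HAVE_NFTABLES=true)"
# "?=" never overrides a variable that already exists in the environment,
# so an exported HAVE_IPTABLES=true keeps -DHAVE_IPTABLES in the build
# even when nftables is selected.
echo "both exported as true:       $(resolve HAVE_NFTABLES=true HAVE_IPTABLES=true)"
```

The last case is the one to check for before building: a leftover exported HAVE_IPTABLES=true brings the iptables define back even with HAVE_NFTABLES=true.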