[Swan] iptables
Nick Howitt
nick at howitts.co.uk
Sun Sep 24 10:25:14 EEST 2023
Is this going in slightly the wrong direction? Documenting the variables
may be a nice idea, but isn't the method of setting them by editing the
config.mk a bit off? Can't you just do something like:
HAVE_NFTABLES=true make
or
export HAVE_NFTABLES=true
make
On 23/09/2023 15:58, manfred wrote:
> As a suggestion, it may be useful for config.mk to have a comment list
> of USE_* and HAVE_* variables that may be enabled in the right place.
>
>
> On 9/23/2023 10:50 AM, manfred wrote:
>> mk/defaults/linux.mk has this:
>>
>> ifneq ($(HAVE_NFTABLES), true)
>> HAVE_IPTABLES ?= true
>> endif
>>
>> So, most likely you have to define:
>>
>> HAVE_NFTABLES ?= true
>>
>> early in config.mk.
>>
>>
>> On 9/23/2023 8:49 AM, Armen Dilanyan wrote:
>>> Can you please specify what needs to be edited in the mk/config.mk
>>> file?
>>> Remove the lines from the file:
>>> /*-e "s:@HAVE_IPTABLES@:$(HAVE_IPTABLES):g" \*/
>>> and
>>> /*# iptables for CAT, or NFLOG, look, barf, verify*/
>>> /*HAVE_IPTABLES ?= false*/
>>> /*ifeq ($(HAVE_IPTABLES),true)*/
>>> /*USERLAND_CFLAGS += -DHAVE_IPTABLES*/
>>> /*endif*/
>>> 23.09.2023, 18:24, "Paul Wouters" <paul at nohats.ca>:
>>>
>>> There is an option to build with nftables that can be enabled. See
>>> mk/config.mk
>>>
>>> Sent using a virtual keyboard on a phone
>>>
>>> On Sep 23, 2023, at 05:24, Armen Dilanyan <ad at 2ip.am
>>> <mailto:ad at 2ip.am>> wrote:
>>>
>>>
>>> Hello dear community,
>>>
>>> I would like to discuss an important matter with you.
>>>
>>> Currently, Libreswan has a dependency on the iptables
>>> package.
>>> However, in recent versions of the GNU/Debian operating system,
>>> iptables is no longer installed by default, and it has been
>>> replaced by nftables. The developers of netfilter are planning
>>> to fully replace iptables with nftables in the future.
>>> Installing both iptables and nftables simultaneously may not be
>>> practical.
>>>
>>> My question is whether Libreswan is considering the
>>> possibility of removing its dependency on iptables and
>>> transitioning to using nftables. Is it possible to build the
>>> Libreswan package from source without the iptables dependency?
>>>
>>> I appreciate your attention to this matter and look
>>> forward to
>>> hearing your insights.
>>> _______________________________________________
>>> Swan mailing list
>>> Swan at lists.libreswan.org <mailto:Swan at lists.libreswan.org>
>>> https://lists.libreswan.org/mailman/listinfo/swan
>>> <https://lists.libreswan.org/mailman/listinfo/swan>
>>>
>>>
>>> _______________________________________________
>>> Swan mailing list
>>> Swan at lists.libreswan.org
>>> https://lists.libreswan.org/mailman/listinfo/swan
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20230924/42866882/attachment.htm>
More information about the Swan
mailing list