fwbuilder – MBSE Web

It has been quiet the last months here, but there were reasons for that. The most time consuming reason was that I started to brew beer, but there were some other projects too.

The home server project got some big changes. The virtual machines were migrated from VirtualBox to LinuX Containters. This makes the system a whole lot faster, and makes that you can use lighter machines to run this project. The new Raspberry should do fine. Anyway, it took some time before I could document it all, but now it’s ready (I hope).

The firewall configuration is replaced. I used to use firewallbuilder, but that project was abandoned. So I decided to write some scripts that generates the firewall rules using some configuration files. These are available as Slackware package too.

If you use fwbuilder to configure the firewalls on your server, then don’t upgrade to iptables 1.4.16 but keep 1.4.15. Version 1.4.16 does work, but you will see a lot of warnings like:

WARNING: The state match is obsolete. Use conntrack instead.

The syntax of several iptables and ip6tables commands will change, and fwbuilder needs an upgrade so that the correct rules will be generated again. It’s just a matter of time until it really doesn’t work anymore. To stop upgrading, add IgnorePkg = iptables in /etc/pacman.conf until a fwbuilder will be released that generates the new syntax. The iptables package only depends on glibc, and as long as there is no major glibc update you can safely use the 1.4.15 version.

Tag: fwbuilder

VirtualBox to LXC migration.

Iptables >= 1.4.16 and fwbuilder doesn’t work