[netfilter-cvslog] r6856 - trunk/documentation/FAQ
pablo at netfilter.org
Mon Jun 4 13:38:34 CEST 2007
Author: pablo at netfilter.org
Date: 2007-06-04 13:38:34 +0200 (Mon, 04 Jun 2007)
New Revision: 6856
Modified:
trunk/documentation/FAQ/netfilter-faq.sgml
Log:
update FAQ
- Pablo's failover conntrack-tools reference
- CVS was replaced ages ago
- We've got SIP support
Modified: trunk/documentation/FAQ/netfilter-faq.sgml
===================================================================
--- trunk/documentation/FAQ/netfilter-faq.sgml 2007-06-04 11:06:31 UTC (rev 6855)
+++ trunk/documentation/FAQ/netfilter-faq.sgml 2007-06-04 11:38:34 UTC (rev 6856)
@@ -3,7 +3,7 @@
<article>
<title>netfilter/iptables FAQ</title>
-<author>Harald Welte <laforge at gnumonks.org></author>
+<author>Harald Welte <coreteam at netfilter.org></author>
<date>Version $Revision$, $Date$</date>
<abstract>
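Review bot: The <author> line keeps the name Harald Welte but now carries the coreteam address, and the Log entry does not mention this contact change. Suggest either naming the netfilter core team as the author or adding the change to the log message.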
@@ -21,16 +21,13 @@
<sect1>Where can I get netfilter/iptables?
<p>
-Netfilter and IPtables are integrated in the Linux 2.4.x kernel series.
+Netfilter and IPtables are integrated in the Linux kernel since 2.4.x series.
Please obtain a recent kernel from <url url="http://www.kernel.org/"> or
one of its mirrors.
<p>
-The userspace tool 'iptables' is available at the netfilter homepage on one of the mirrors at
-<url url="http://www.netfilter.org/">,
-<url url="http://www.iptables.org/">,
-<url url="http://netfilter.samba.org/">,
-<url url="http://netfilter.gnumonks.org/"> or
-<url url="http://netfilter.filewatcher.org/">.
+The userspace tools 'iptables' and 'ip6tables' are available at the netfilter homepage on one of the mirrors at
+<url url="http://www.netfilter.org/"> or
+<url url="http://www.iptables.org/">.
</sect1>
<sect1>Is there a backport of netfilter to Linux 2.2?
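Review bot: In the first added line, "since 2.4.x series" is missing its article, and in the second paragraph "available at the netfilter homepage on one of the mirrors at" no longer fits now that only two URLs remain. Suggest "integrated in the Linux kernel since the 2.4.x series" and "are available from the netfilter homepage at ... or ...". The Log entry also does not mention the ip6tables addition or the removal of three mirror URLs.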
@@ -71,7 +68,7 @@
developed and tested in netfilter patch-o-matic first. If you
want to use any of the bleeding-edge netfilter functions, you may have
to apply one or more of the patches from patch-o-matic. You can find
-patch-o-matic in the latest iptables package (or of course CVS), to be
+patch-o-matic in the latest iptables package (or of course SVN), to be
downloaded from the netfilter homepage.
<p>
patch-o-matic now has three different options:
@@ -129,22 +126,14 @@
<p>
An implementation of conntrack and NAT for the SIP (Session Initiation
Protocol) has been in the patch-o-matic for some time now implemented by
-Christian Hentschel. The implementation will be in Kernel 2.6.18.
+Christian Hentschel. The implementation is available since Linux Kernel 2.6.18.
</sect1>
<sect1>Does netfilter/iptables support failover/HA?
<p>
-The answer is a clear 'yes' and 'no'.
-<p>
If you are thinking about a full failover, while all the state
-information is preserved: <bf>Not really</bf>. Doing state synchronization
-between multiple nodes is a difficult process. Harald (of the netfilter core
-team) has published a paper about this, but not yet found any sponsor to fund
-the development. Meanwhile, you can try to use our 'connection pickup'
-feature, which [after a failover] tries to pick up already established
-connections: <bf>Might be sufficient depending on the requirements</bf>.
-<p>If you do NAT and want to preserve your NAT mappings: <bf>No</bf>.
-<p>If you do statless packet filtering: <bf>Yes</bf>
+information is preserved, you have to use <bf>conntrack-tools</bf>
+from <url url="http://people.netfilter.org/pablo/conntrack-tools/">.
</sect1>
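Review bot: The rewritten failover answer drops the cases the removed lines covered for NAT mappings and for stateless packet filtering (previously answered with <bf>Yes</bf>), so a reader who only filters statelessly may now assume conntrack-tools is required. Suggest keeping one line stating that stateless filtering fails over without state synchronization, and saying whether conntrack-tools also preserves NAT mappings. Separately, in the SIP paragraph "is available since" reads better as "has been available since".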
@@ -182,7 +171,7 @@
If you are using iptables <= 1.2.2, you <bf>NEED</bf> to apply the
`dropped-table' and `ftp-fixes' patches.
<p>
-If you are using iptables > 1.2.2 or recent CVS, please <bf>don't</bf> apply
+If you are using iptables > 1.2.2 or recent SVN, please <bf>don't</bf> apply
the 'dropped-table', as it is incompatible with BALANCE, NETMAP, irc-nat,
SAME and talk-nat.
</sect1>
@@ -285,9 +274,8 @@
code
<p>
So you want to build a completely transparent firewall? Great idea!
-As of kernel 2.4.16, you still need to patch your kernel with an extra
-patch to get this running. You can find it at
-<url url="http://bridge.sourceforge.net/">.
+In current kernel there is no need to patch anything. You can find more at
+<url url="http://linux-net.osdl.org/index.php/Bridge">.
</sect1>
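Review bot: "In current kernel" in the added line gives no version, whereas the removed text was anchored to 2.4.16, so readers on older kernels cannot tell whether the patch is still needed. Suggest naming the first kernel release that needs no bridge patch, and writing "In current kernels".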
@@ -364,7 +352,7 @@
<sect1>iptables-save / iptables-restore from iptables-1.2 segfaults
<p>
-Known Bug. Please update to latest CVS or use iptables >= 1.2.1 as
+Known Bug. Please update to latest SVN or use iptables >= 1.2.1 as
soon as it is available.
</sect1>
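Review bot: The context line "soon as it is available" is left stale by this update: the hunk at -182 already refers to iptables > 1.2.2, so 1.2.1 has been released. Suggest ending the sentence at "use iptables >= 1.2.1".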
@@ -550,7 +538,7 @@
Other code examples include:
<itemize>
-<item>testsuite/tools/intercept.c from netfilter CVS
+<item>testsuite/tools/intercept.c from netfilter SVN
<item>ipqmpd (see <url url="http://www.gnumonks.org/projects/">)
<item>nfqtest, part of netfilter-tools (see <url url="http://www.gnumonks.org/projects/">)
<item>Jerome Etienne's WAN simulator (see <url url="http://www.off.net/~jme/">)
@@ -579,9 +567,9 @@
<sect1>I want to contribute some code, but have no idea what to do
<p>
The netfilter core-team keeps a TODO list where it lists all the desired
-changes / new features. You can retrieve this list via anonymous CVS,
+changes / new features. You can retrieve this list via anonymous SVN,
instructions are on the netfilter Homepage. Alternatively you can also go
-to <url url="http://cvs.netfilter.org/cgi-bin/cvsweb/netfilter/TODO/"> using
+to <url url="http://svn.netfilter.org/cgi-bin/cvsweb/netfilter/TODO/"> using
CVSweb.
</sect1>
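Review bot: The new URL swaps only the host to svn.netfilter.org but keeps the /cgi-bin/cvsweb/ path, and the unchanged next line still says "CVSweb". Please confirm the link resolves on the SVN server and update the path and the viewer name to match, so the FAQ does not send contributors to a dead TODO link.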
@@ -594,7 +582,7 @@
<itemize>
<item> Subject starting with <bf>[PATCH]</bf>
<item> Included straight in the body of the message, not MIME'd.
-<item> a cvs-checkin/Changelog entry outside the diff.
+<item> a svn-checkin/Changelog entry outside the diff.
<item> `diff -u old new' form, from outside root directory (ie. can be applied with -p1 when sitting in the untarred dir.
</itemize>
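Review bot: "a svn-checkin" in the added item should read "an svn-checkin". The context item below it opens a parenthesis at "(ie." that is never closed, which is worth fixing in the same pass.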