[netfilter-cvslog] r6856 - trunk/documentation/FAQ

pablo at netfilter.org pablo at netfilter.org
Mon Jun 4 13:38:34 CEST 2007

Author: pablo at netfilter.org
Date: 2007-06-04 13:38:34 +0200 (Mon, 04 Jun 2007)
New Revision: 6856

update FAQ
- Pablo's failover conntrack-tools reference
- CVS was replaced ages ago
- We've got SIP support

Modified: trunk/documentation/FAQ/netfilter-faq.sgml
--- trunk/documentation/FAQ/netfilter-faq.sgml	2007-06-04 11:06:31 UTC (rev 6855)
+++ trunk/documentation/FAQ/netfilter-faq.sgml	2007-06-04 11:38:34 UTC (rev 6856)
@@ -3,7 +3,7 @@
 <title>netfilter/iptables FAQ</title>
-<author>Harald Welte &lt;laforge at gnumonks.org&gt;</author>
+<author>Harald Welte &lt;coreteam at netfilter.org&gt;</author>
 <date>Version $Revision$, $Date$</date>
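Review bot: on the changed <author> line the name is still Harald Welte but the address is now coreteam at netfilter.org, so the entry pairs an individual's name with a team address. If the intent is to route FAQ feedback to the core team, name the core team as the contact (or add it as a separate maintainer line) rather than attaching the shared address to one person.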
@@ -21,16 +21,13 @@
 <sect1>Where can I get netfilter/iptables?
-Netfilter and IPtables are integrated in the Linux 2.4.x kernel series.
+Netfilter and IPtables are integrated in the Linux kernel since 2.4.x series.
 Please obtain a recent kernel from <url url="http://www.kernel.org/"> or
 one of its mirrors.
-The userspace tool 'iptables' is available at the netfilter homepage on one of the mirrors at
-<url url="http://www.netfilter.org/">,
-<url url="http://www.iptables.org/">,
-<url url="http://netfilter.samba.org/">,
-<url url="http://netfilter.gnumonks.org/"> or
-<url url="http://netfilter.filewatcher.org/">.
+The userspace tools 'iptables' and 'ip6tables' are available at the netfilter homepage on one of the mirrors at
+<url url="http://www.netfilter.org/"> or
+<url url="http://www.iptables.org/">.
 <sect1>Is there a backport of netfilter to Linux 2.2?
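Review bot: the new download sentence still says "on one of the mirrors at" although only two URLs remain after the samba.org, gnumonks.org and filewatcher.org entries were dropped, and "at the netfilter homepage on one of the mirrors" reads as two different locations. Suggest wording it as the homepage plus its remaining mirror. In the first changed line, "since 2.4.x series" needs an article ("since the 2.4.x series").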
@@ -71,7 +68,7 @@
 developed and tested in netfilter patch-o-matic first.  If you
 want to use any of the bleeding-edge netfilter functions, you may have
 to apply one or more of the patches from patch-o-matic.   You can find
-patch-o-matic in the latest iptables package (or of course CVS), to be
+patch-o-matic in the latest iptables package (or of course SVN), to be
 downloaded from the netfilter homepage.
 patch-o-matic now has three different options:
@@ -129,22 +126,14 @@
 An implementation of conntrack and NAT for the SIP (Session Initiation
 Protocol) has been in the patch-o-matic for some time now implemented by
-Christian Hentschel. The implementation will be in Kernel 2.6.18.
+Christian Hentschel. The implementation is available since Linux Kernel 2.6.18.
 <sect1>Does netfilter/iptables support failover/HA?
-The answer is a clear 'yes' and 'no'.
 If you are thinking about a full failover, while all the state
-information is preserved: <bf>Not really</bf>.  Doing state synchronization
-between multiple nodes is a difficult process.  Harald (of the netfilter core
-team) has published a paper about this, but not yet found any sponsor to fund
-the development.  Meanwhile, you can try to use our 'connection pickup'
-feature, which [after a failover] tries to pick up already established
-connections: <bf>Might be sufficient depending on the requirements</bf>.
-<p>If you do NAT and want to preserve your NAT mappings: <bf>No</bf>.
-<p>If you do statless packet filtering: <bf>Yes</bf>
+information is preserved, you have to use <bf>conntrack-tools</bf>
+from <url url="http://people.netfilter.org/pablo/conntrack-tools/">.
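Review bot: the rewritten failover answer drops the separate answers for NAT mappings and for stateless packet filtering, and the mention of the 'connection pickup' feature, leaving only the full-state case. A reader who only does stateless filtering can no longer tell from this section that no state synchronization is needed. Suggest keeping one sentence for the stateless case and saying whether conntrack-tools also covers NAT mappings. In the SIP paragraph above, the context line "has been in the patch-o-matic for some time now" sits oddly next to the new "is available since Linux Kernel 2.6.18"; consider rewording the paragraph as a whole.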
@@ -182,7 +171,7 @@
 If you are using iptables &lt;= 1.2.2, you <bf>NEED</bf> to apply the
 `dropped-table' and `ftp-fixes' patches.
-If you are using iptables > 1.2.2 or recent CVS, please <bf>don't</bf> apply
+If you are using iptables > 1.2.2 or recent SVN, please <bf>don't</bf> apply
 the 'dropped-table', as it is incompatible with BALANCE, NETMAP, irc-nat,
 SAME and talk-nat.
@@ -285,9 +274,8 @@
 So you want to build a completely transparent firewall?  Great idea! 
-As of kernel 2.4.16, you still need to patch your kernel with an extra
-patch to get this running.  You can find it at
-<url url="http://bridge.sourceforge.net/">.
+In current kernel there is no need to patch anything. You can find more at
+<url url="http://linux-net.osdl.org/index.php/Bridge">.
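Review bot: "In current kernel there is no need to patch anything" replaces a concrete version (2.4.16) with an unanchored "current", which will go stale and does not help readers on older kernels. State the kernel version from which bridge filtering needs no extra patch, and fix the grammar ("In current kernels").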
@@ -364,7 +352,7 @@
 <sect1>iptables-save / iptables-restore from iptables-1.2 segfaults
-Known Bug.  Please update to latest CVS or use iptables >= 1.2.1 as 
+Known Bug.  Please update to latest SVN or use iptables >= 1.2.1 as 
 soon as it is available.
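Review bot: swapping CVS for SVN leaves "use iptables >= 1.2.1 as soon as it is available" in place, but other sections of this same file already refer to iptables 1.2.2 and later, so 1.2.1 has long been released. Drop "as soon as it is available" and simply recommend a release >= 1.2.1.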
@@ -550,7 +538,7 @@
 Other code examples include:
-<item>testsuite/tools/intercept.c from netfilter CVS
+<item>testsuite/tools/intercept.c from netfilter SVN 
 <item>ipqmpd (see <url url="http://www.gnumonks.org/projects/">)
 <item>nfqtest, part of netfilter-tools (see <url url="http://www.gnumonks.org/projects/">)
 <item>Jerome Etienne's WAN simulator (see <url url="http://www.off.net/~jme/">)
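Review bot: the added line "<item>testsuite/tools/intercept.c from netfilter SVN " ends with a trailing space that the removed line did not have. Please strip it so the change is limited to CVS -> SVN.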
@@ -579,9 +567,9 @@
 <sect1>I want to contribute some code, but have no idea what to do
 The netfilter core-team keeps a TODO list where it lists all the desired
-changes / new features. You can retrieve this list via anonymous CVS,
+changes / new features. You can retrieve this list via anonymous SVN,
 instructions are on the netfilter Homepage. Alternatively you can also go
-to <url url="http://cvs.netfilter.org/cgi-bin/cvsweb/netfilter/TODO/"> using
+to <url url="http://svn.netfilter.org/cgi-bin/cvsweb/netfilter/TODO/"> using
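Review bot: the new URL changes only the hostname to svn.netfilter.org and keeps the /cgi-bin/cvsweb/netfilter/TODO/ path, which looks like a mechanical search-and-replace rather than a checked link. Please confirm the SVN host actually serves that cvsweb path, or replace it with the repository browser URL that does; the same check applies to "instructions are on the netfilter Homepage" now that it promises anonymous SVN instructions.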
@@ -594,7 +582,7 @@
 <item> Subject starting with <bf>&#91;PATCH&#93;</bf>
 <item> Included straight in the body of the message, not MIME'd.
-<item> a cvs-checkin/Changelog entry outside the diff.
+<item> a svn-checkin/Changelog entry outside the diff.
 <item> `diff -u old new' form, from outside root directory (ie. can be applied with -p1 when sitting in the untarred dir.
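Review bot: on the changed item, "a svn-checkin/Changelog entry" reads better as "an SVN check-in/Changelog entry", matching the capitalised "SVN" used in the other hunks. While touching this list, the following context line opens a parenthesis at "(ie. can be applied with -p1 ..." that is never closed.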
