Generic IP Chains v1.1 Released - Testers Wanted.

Paul Rusty Russell (
Thu, 20 Nov 1997 22:27:12 +1100

Hello all.

I have spent the last few weeks polishing Michael and my
Generic IP Firewall chains code & docs, and am now running it on my
production system. I anticipate only minor tweaks from now on. My
exhaustive packet-matching test suite is about half-way through and
has yet to find a flaw.

A replacement for `ipfwadm' and a patch for 2.1.64 or 65.

o Simpler chain management
o Ability to invert rules
o 64-bit counters on x86
o More flexible packet accounting
o Control over fragments
o Can specify protocols other than ICMP/TCP/UDP.
o Packet `marking' for use with Quality of Service when it
hits the mainstream 2.1 series.


o I now regard the code as BETA rather than alpha.
o Docs updated, minor bug with reading large chains fixed.
o Now has a (thorough) HOWTO.
o Convenience scripts `ipchains-save' and `ipchains-restore'.
o ipfwadm emulation in alpha test.

PS. ``Go Team Hawes!''

 .sig lost in the mail.