The Shorewall firewall developer, Mr Tom Eastep, is finally calling it quits, and the next release will be his final one. Retiring in his mid 70s after years of developing this awesome software is something most of us would humbly understand and appreciate after years of dedication.
It appears that he was the sole developer of Shorewall, and I wonder if the community will take over the project and continue with his great work.
How will Nethserver prepare for the transition? What firewall alternatives could be considered?
Seems that @giacomo is not a real car guy…
Anyway…
Will the (possible) replacement consider a rate limiter as an option? And maybe a GeoIP interface for using nations and ISPs as firewall objects?
I have absolutely no idea, we didn’t analyze it so deeply.
IMHO, as long as geoip is not shipped with the default kernel, it shouldn’t be included as an iptables module. Of course, we can emulate something like that using ipsets and blacklists.
About rate-limiting, Shorewall already supports it, but nobody else requested the feature: take a look at the “Rate” section here: http://shorewall.net/manpages/shorewall-rules.html
Anyway, if you would like to try implementing it, take a look at the relevant code: PRs are welcome!