Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 3 subscribers
  • Views 1209 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Feature Request for QUEUE

JimmyM
It would be a great help if Astaro would include "QUEUE" as one of the available actions in the packet filter rules window. It shouldn't be a big issue. Just add QUEUE as a valid option in the pulldown, right?
This would be a great help. For those who don't care to use it, just don't select it when creating a filter rule.
Please.
Please.
Please. 


This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to bergy
    The QUEUE action for a iptables rule sends the packet to the userspace where something like Snort-inline (wink, wink) can use snort IDS rules to block the packet instead of just sending an alert. It would allow ASL to be a content filtering firewall for those of us in the "ASL hacker" area to hack in a snort Intrusion Prevention System. 
  • 0 in reply to JimmyM
    I think I read somewhere that QUEUE was experimental?? 
  • 0 in reply to uncue75
    Considered experimental by who? It's been a part of iptables for some time now and works quite nicely. I'm not aware of any security holes it would introduce since it would, at the user's option, replace an "ALLOW" with "QUEUE" to perform further analysis on the packet. I would hope that ASL has experimented with it, since that might suggest they are considering it for incorporation into ASL. I can always hope.  [:)] 
  • 0 in reply to JimmyM
    I must have been reading out of date documentation.  I did I google search, so it's quite possible.  I know it wasn't the actually doc file. 
  • 0 in reply to uncue75
    Yah, I think it's reasonably stable. Certainly would be a great feature.