nftables: configuring fails if no firewall program specified
NicholasFahey opened this issue · comments
How should I be configuring fwknop if my system's only firewall binary is nft? I'm using CMD_CYCLE_OPEN and CMD_CYCLE_CLOSE with nft, so I shouldn't have to specify a firewall binary but configure fails with
checking for firewall-cmd... no
checking for firewalld... no
checking for iptables... no
checking for ipfw... no
checking for pfctl... no
checking for ipf... no
configure: error: No firewall program was found or specified.
There's no way to tell configure I am using custom commands and to not check for a firewall binary. Seems like an oversight. I can work around it with something like --with-firewall-cmd=/usr/bin/nft as a configure option but seems a bit hacky and misleading. Think there needs to be a configure option indicating that we are using custom scripts and not one of the supported firewalls.
Though it is a bit hacky, using --with-firewall-cmd=<some executable> should work. In a similar situation, I used --with-firewall-cmd=/bin/true. Ideally, a configure option to specify cmd_cycle only or a --disable-firewall-cmd option would be the way to go so configure would not look for a firewall command.
…-Damien
On Wed, Sep 2, 2020 at 11:09 AM Nicholas Fahey ***@***.***> wrote:
How should I be configuring fwknop if my system's only firewall binary is
nft? I'm using CMD_CYCLE_OPEN and CMD_CYCLE_CLOSE with nft, so I
shouldn't have to specify a firewall binary but configure fails with
checking for firewall-cmd... no
checking for firewalld... no
checking for iptables... no
checking for ipfw... no
checking for pfctl... no
checking for ipf... no
configure: error: No firewall program was found or specified.
There's no way to tell configure I am using custom commands and to not
check for a firewall binary. Seems like an oversight. I can work around it
with something like --with-firewall-cmd=/usr/bin/nft as a configure
option but seems a bit hacky and misleading. Think there needs to be a
configure option indicating that we are using custom scripts and not one of
the supported firewalls.