msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2011-09-05 14:11+0600\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(title):6
msgid "Dynamic iptables firewalls"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(author:title):8
msgid "Author"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(mail:link):9
msgid "drobbins@gentoo.org"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(mail):9
msgid "Daniel Robbins"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(abstract):12
msgid "Firewalls are good and fun, but what do you do when you need to make rapid, complex changes to your firewall rules? Easy. Use Daniel Robbins' dynamic firewall scripts that are demonstrated in this article. You can use these scripts to increase your network security and responsiveness, and to inspire your own creative designs."
msgstr ""
#. The original version of this article was published on IBM developerWorks,
#. and is property of Westtech Information Services. This document is an updated
#. version of the original article, and contains various improvements made by the
#. Gentoo Linux Documentation team
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(version):25
msgid "1.3"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(date):26
msgid "2005-10-09"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(title):29
msgid "Introduction"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(title):31
msgid "Flexible (and fun) network security"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):34
msgid "The best way to see the benefits of dynamic firewall scripts is to see them in action. To do this, let's imagine that I'm a sysadmin at an ISP, and I've recently set up a Linux-based firewall to protect my customers and internal systems from malicious users on the Internet. To do this, my firewall uses the new Linux 2.4 iptables stateful functionality to allow new outgoing connections to be established by my customers and servers, and of course to allow new incoming connections, but only to \"public\" services, such as web, ftp, ssh, and SMTP. Since I used a deny-by-default design, any from-Internet connections to non-public services, such as the squid proxy cache or Samba server, are automatically rejected. So far, I have a pretty decent firewall that offers a good level of protection for everyone at my ISP."
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):48
msgid "For the first week or so, the firewall works great, but then something ugly happens: Bob, my arch-nemesis (who works at a competing ISP) decides that he wants to flood my network with packets in an attempt to deny service to my customers. Unfortunately, Bob has carefully studied my firewall and knows that while I'm protecting many internal services, port 25 and 80 must be publicly accessible so that I can receive mail and serve HTTP requests. Bob decides to take advantage of this fact by launching a bandwidth-sucking attack against my web and mail server."
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):59
msgid "About a minute or so after Bob begins his attack, I notice that my uplinks start becoming saturated with packets. After taking a look at the situation with <c>tcpdump</c> I determine that this is yet another Bob attack, and I figure out what IP addresses he's using to launch it. Now that I have this information, all that I need to do is block these IP addresses, and that should solve the problem -- a simple solution, or so I think."
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(title):72
msgid "Responding to an attack"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):75
msgid "I quickly load my firewall setup script into vi and begin hacking away at my iptables rules, modifying my firewall so that it'll block those evil incoming Bob packets. After a minute or so, I find the exact place to make the appropriate DROP rule additions, and I add them. Then, I start and stop the firewall...ooops, made a bit of a mistake when I added the rules. I load up the firewall scripts again, fix the problem, and thirty seconds later the firewall has been tweaked to block Bob's attack of the month. At first, it seems like I successfully thwarted the attack...until the helpdesk phones begin ringing. Apparently, Bob was able to disrupt my network for about 10 minutes, and now my customers are calling to find out what's going on. Even worse, after a few minutes pass, I notice that our uplinks again start to become saturated. This time, Bob appears to be using a brand-new set of IP addresses for his attacks. In response, I begin feverishly hacking away at our firewall scripts, except this time, I'm a bit panicky -- maybe my solution isn't so good after all."
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):92
msgid "Here's what went wrong in the above scenario. Although I had a decent firewall in place and also quickly identified the cause of the network problem, I was unable to modify the behavior of my firewall to respond to the threat in time. Of course, when your network is under attack, you want to be able to respond immediately, and being forced to hack away at your master firewall setup script in a panicked state is not only stressful, but also very inefficient."
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(title):106
msgid "Scripts"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(title):108
msgid "ipdrop"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):111
msgid "It would be far better if I had a special <c>ipdrop</c> script that's specifically designed to insert just the rules needed to block the IP address that I specify. With such a script, blocking an IP address is no longer a two-minute ordeal; instead, it takes five seconds. And since the script shields me from the task of editing firewall rules by hand, it eliminates a major source of errors. All that's left for me to do is to determine the IP address that I'd like to block, and then type:"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(pre:caption):121
msgid "Dropping IP"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(pre):121
#, no-wrap
msgid "\n# <i>ipdrop 129.24.8.1 on</i>\nIP 129.24.8.1 drop on.\n"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):126
msgid "Immediately, the ipdrop script would block 129.24.8.1, Bob's current evil IP address of the week. This script dramatically improves your defenses, because now an IP block is a no-brainer. Now, let's take a look at my implementation of the ipdrop script:"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(pre:caption):133
msgid "ipdrop script"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(pre):133
#, no-wrap
msgid "\n#!/bin/bash\n\nsource /usr/local/share/dynfw.sh\n\nargs 2 $# \"${0} IPADDR {on/off}\"\n\n<comment># Drops packets to/from IPADDR. Good for obnoxious\n# networks/hosts/DoS</comment>\n\nif [ \"$2\" == \"on\" ]\nthen\n<comment># Rules will be appended or inserted as normal</comment>\n APPEND=\"-A\"\n INSERT=\"-I\"\n rec_check ipdrop $1 \"$1 already blocked\" on\n record ipdrop $1\nelif [ \"$2\" == \"off\" ]\nthen\n<comment># Rules will be deleted instead</comment>\n APPEND=\"-D\"\n INSERT=\"-D\"\n rec_check ipdrop $1 \"$1 not currently blocked\" off\n unrecord ipdrop $1\nelse\n echo \"Error: \\\"off\\\" or \\\"on\\\" expected as second argument\"\n exit 1\nfi\n\n<comment># Block outside IP address that's causing problems</comment>\n<comment># Attacker's incoming TCP connections will take a minute or so to time\n# out, reducing DoS effectiveness</comment>\n\niptables $INSERT INPUT -s $1 -j DROP\niptables $INSERT OUTPUT -d $1 -j DROP\niptables $INSERT FORWARD -d $1 -j DROP\niptables $INSERT FORWARD -s $1 -j DROP\n\necho \"IP ${1} drop ${2}.\"\n"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(title):178
msgid "ipdrop: the explanation"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):181
msgid "If you take a look at the last four highlighted lines, you'll see the actual commands that insert the appropriate rules into the firewall tables. As you can see, the definition of the $INSERT environment variable varies, depending on whether we're running in \"on\" or \"off\" mode. When the iptables lines execute, the particular rules will be inserted or deleted appropriately."
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):189
msgid "Now, let's look at the function of the rules themselves, which should work perfectly with any type of existing firewall, or even on a system with no firewall; all you need is iptables support built into your 2.4 kernel. We block incoming packets arriving from the evil IP (first iptables line), block outgoing packets headed for the evil IP (next iptables line), and then turn off forwarding in either direction for this particular IP (last two iptables lines). Once these rules are in place, your system will simply discard any packets that fall into one of these categories."
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):200
msgid "Another quick note: you'll also notice calls to \"rec_check\", \"unrecord\", \"record\", and \"args\". These are special helper bash functions defined in <path>dynfw.sh</path>. The \"record\" function records the blocked IP in the <path>/root/.dynfw-ipdrop</path> file, while \"unrecord\" removes the entry from <path>/root/.dynfw-ipdrop</path>. The \"rec_check\" function is used to abort the script with an error message if you attempt to re-block an already-blocked IP, or unblock an IP that isn't currently being blocked. The \"args\" function takes care of making sure that we receive the correct number of command-line arguments, and also handles printing helpful usage information. I've created a <uri link=\"http://www-128.ibm.com/developerworks/library/l-fw/dynfw-1.0.tar.gz\">dynfw-1.0.tar.gz</uri> that contains all these tools; see the <uri link=\"#resources\">Resources</uri> section at the end of this article for more information."
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(title):220
msgid "tcplimit"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):223
msgid "This next dynamic firewall script is useful if you need to limit the usage of a particular TCP-based network service, possibly something that generates a heavy CPU load on your end. Called \"tcplimit\", this script takes a TCP port, a rate, a scale, and \"on\" or \"off\" as arguments:"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(pre:caption):230
msgid "Limiting of particular TCP-based network service usage"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(pre):230
#, no-wrap
msgid "\n# <i>tcplimit 873 5 minute on</i>\nPort 873 new connection limit (5/minute, burst=5) on.\n"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):235
msgid "<c>tcplimit</c> uses the new iptables \"state\" module (make sure you've enabled this in your kernel or loaded the module) to allow only a certain number of new, incoming connections in a specific period of time. In this example, the firewall will allow only five new connections to my rsync server (port 873) per minute -- and it's possible to specify the desired number of connections you'd like per second/minute/hour or day, as needed."
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):244
msgid "<c>tcplimit</c> offers a good way of limiting non-essential services -- so that a flood of traffic to a non-essential service doesn't disrupt your network or server. In my case, I use <c>tcplimit</c> to set a maximum upper bound for rsync usage to prevent my DSL line from becoming saturated by too many rsync connections. Connection-limited services are recorded in <path>/root/.dynfw-tcplimit</path>, and if I ever want to turn the new connection limiting off, I can simply type:"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(pre:caption):254
msgid "Turning off the connection limiting"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(pre):254
#, no-wrap
msgid "\n# <i>tcplimit 873 5 minute off</i>\nPort 873 new connection limit off.\n"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):259
msgid "<c>tcplimit</c> works by creating a completely new chain in the \"filter\" table. This new chain will reject all packets that exceed our specified limit. Then, a single rule is inserted into the INPUT chain that redirects all incoming NEW connection packets headed to the target port (873 in this case) to this special chain, effectively placing a limit on new, incoming connections while not affecting packets that are part of an established connection."
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):268
msgid "When <c>tcplimit</c> is turned off, the INPUT rule and special chain are deleted. This is the kind of fancy stuff that really highlights the importance of having a well-tested, reliable script manage the firewall rules for you. As with <c>ipdrop</c>, the <c>tcplimit</c> script should be compatible with any type of firewall, or even no firewall, as long as you have the proper iptables functionality enabled in your kernel."
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(title):281
msgid "host-tcplimit"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):284
msgid "<c>host-tcplimit</c> is a lot like <c>tcplimit</c>, but it limits new TCP connections coming in from a particular IP address and heading for a particular TCP port on your server(s). <c>host-tcplimit</c> is particularly useful for preventing a particular person from abusing your network resources. For example, let's say you're running a CVS server, and you discover that a particular new developer appears to have set up a script that updates his sources with the repository every 10 minutes, using up a huge amount of unnecessary network resources over the course of a day. However, while you're in the process of composing an e-mail to him explaining the error of his ways, you receive an incoming message that reads as follows:"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(pre:caption):297
msgid "Incoming message"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(pre):297
#, no-wrap
msgid "\nHi guys!\n\nI'm really excited to be part of your development project. I just set up a\nscript to update my local copy of the code every ten minutes. I'm about to\nleave on a two-week cruise, but when I get back, my sources will be totally\nup-to-date and I'll be ready to help out! I'm heading out the door now...see\nyou in two weeks!\n\nSincerely,\n\nMr. Newbie\n"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):311
msgid "For such situations, a simple <c>host-tcplimit</c> command will solve the problem:"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(pre:caption):316
msgid "host-tcplimit command"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(pre):316
#, no-wrap
msgid "\n# <i>host-tcplimit 1.1.1.1 2401 1 day on</i>\n"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):320
msgid "Now, Mr. Newbie (IP address 1.1.1.1) is limited to one CVS connection (port 2401) per day, saving oodles of network bandwidth."
msgstr ""
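The chain-plus-INPUT-rule mechanism the article describes for tcplimit, extended with the per-source-address variant used by host-tcplimit, written out as an added example; this is not the dynfw tarball's own code, and the chain naming, the argument checks and the IPTABLES dry-run variable are assumptions of this example, not taken from the article.

```shell
#!/bin/sh
# Added example, not the dynfw tarball's code: a combined tcplimit /
# host-tcplimit in the style the article describes. Setting IPTABLES=echo
# turns it into a dry run that prints the rules instead of installing them.
IPTABLES="${IPTABLES:-iptables}"

# Name of the per-port (and optionally per-host) chain. Dots in an address
# are replaced so the name stays a single valid chain token (assumed scheme).
limit_chain() {
    if [ -n "$2" ]; then
        printf 'hlimit_%s_%s' "$(printf '%s' "$2" | tr . _)" "$1"
    else
        printf 'tcplimit_%s' "$1"
    fi
}

# tcplimit PORT RATE SCALE on|off [SRC_IP]
# With SRC_IP given this behaves like host-tcplimit: only NEW connections
# from that address to PORT are limited.
tcplimit() {
    port=$1
    rate=$2
    scale=$3
    mode=$4
    src=$5
    case "$port" in ''|*[!0-9]*) echo "Error: numeric port expected" >&2; return 1 ;; esac
    case "$rate" in ''|*[!0-9]*) echo "Error: numeric rate expected" >&2; return 1 ;; esac
    case "$scale" in
        second|minute|hour|day) ;;
        *) echo "Error: scale must be second, minute, hour or day" >&2; return 1 ;;
    esac
    chain=$(limit_chain "$port" "$src")
    srcmatch=""
    if [ -n "$src" ]; then srcmatch="-s $src"; fi
    case "$mode" in
    on)
        # Dedicated chain: packets under the limit RETURN to INPUT and keep
        # going through the existing firewall; anything over it is rejected.
        $IPTABLES -N "$chain"
        $IPTABLES -A "$chain" -m limit --limit "$rate/$scale" --limit-burst "$rate" -j RETURN
        $IPTABLES -A "$chain" -j REJECT
        # A single INPUT rule diverts only NEW connection attempts to PORT, so
        # packets belonging to established connections are never limited.
        $IPTABLES -I INPUT $srcmatch -p tcp --dport "$port" -m state --state NEW -j "$chain"
        echo "Port $port new connection limit ($rate/$scale, burst=$rate) on."
        ;;
    off)
        # Undo in reverse: unhook the chain from INPUT, flush it, delete it.
        $IPTABLES -D INPUT $srcmatch -p tcp --dport "$port" -m state --state NEW -j "$chain"
        $IPTABLES -F "$chain"
        $IPTABLES -X "$chain"
        echo "Port $port new connection limit off."
        ;;
    *)
        echo "Error: \"off\" or \"on\" expected as fourth argument" >&2
        return 1
        ;;
    esac
}
```

Run it as `IPTABLES=echo sh tcplimit.sh` style dry runs first; the record-file bookkeeping the article's scripts do in /root/.dynfw-tcplimit is left out here.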
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(title):329
msgid "user-outblock"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):332
msgid "The last and possibly most intriguing of all my dynamic firewall scripts is <c>user-outblock</c>. This script provides an ideal way to allow a particular user to telnet or ssh into your system, yet not allow this user to establish any new outgoing connections from the command-line. Here's an example of a situation where user-outblock would come in handy. Let's say that a particular family has an account at my ISP. Mom and Dad use a graphical e-mail client to read their mail and occasionally surf the Web, but their son happens to be an aspiring hacker, and generally uses his shell access to do naughty things to other people's computers."
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):344
msgid "One day, you find that he's established ssh connections with several systems that appear to belong to the Pakistani military -- ouch. You'd like to help direct this youth towards more beneficial activities, so you do the following:"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):350
msgid "First, you do an audit of your system and make sure that you remove the suid bit from all your network binaries, like ssh:"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(pre:caption):355
msgid "Removing suid bit from all the network binaries"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(pre):355
#, no-wrap
msgid "\n# <i>chmod u-s /usr/bin/ssh</i>\n"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):359
msgid "Now, any processes that he tries to use to interact with the network will be owned by his UID. You can now use user-outblock to block all outgoing TCP connections initiated by this UID (which happens to be 2049):"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(pre:caption):365
msgid "Blocking all outgoing TCP connections initiated by some UID"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(pre):365
#, no-wrap
msgid "\n# <i>user-outblock 2049 on</i>\nUID 2049 block on.\n"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):370
msgid "Now, he can log in and read his mail, but he's not going to be using your servers to establish ssh connections and the like. Now, he could install an ssh client on his home PC. However, it's not too hard to whip up another dynamic firewall script that limits his home PC to Web, mail, and outgoing ssh connections (to your servers only)."
msgstr ""
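The two steps above (the setuid audit, then blocking new outgoing TCP connections by UID) as an added example; it is not the dynfw tarball's own code, the owner-match rule in OUTPUT, the record-file helpers modelled on the rec_check/record/unrecord functions the article mentions, and the DYNFW_DIR and IPTABLES variables are all assumptions of this example.

```shell
#!/bin/sh
# Added example, not the dynfw tarball's code: a user-outblock in the style
# the article describes, with the setuid audit that has to come first.
# IPTABLES=echo prints the rules instead of installing them; DYNFW_DIR is
# where the .dynfw-* record files go (the article's scripts use /root).
IPTABLES="${IPTABLES:-iptables}"
DYNFW_DIR="${DYNFW_DIR:-/root}"

# record / unrecord / rec_check NAME KEY [MSG on|off]: bookkeeping in
# $DYNFW_DIR/.dynfw-NAME, an assumed reimplementation of the dynfw.sh helpers.
record()   { echo "$2" >> "$DYNFW_DIR/.dynfw-$1"; }
unrecord() {
    f="$DYNFW_DIR/.dynfw-$1"
    [ -f "$f" ] || return 0
    grep -v -x -F -- "$2" "$f" > "$f.tmp" || true
    mv "$f.tmp" "$f"
}
rec_check() {
    # Abort with MSG if KEY is already recorded (mode on) or absent (mode off).
    f="$DYNFW_DIR/.dynfw-$1"
    if [ -f "$f" ] && grep -q -x -F -- "$2" "$f"; then found=1; else found=0; fi
    if [ "$4" = on ] && [ "$found" = 1 ]; then echo "$3" >&2; return 1; fi
    if [ "$4" = off ] && [ "$found" = 0 ]; then echo "$3" >&2; return 1; fi
    return 0
}

# Print every setuid executable below the given directories. A setuid network
# client runs as the file's owner (usually root), not as the user's UID, so
# the owner match below would never see its packets; strip the bit first.
audit_suid() {
    find "$@" -type f -perm -4000 -print 2>/dev/null | sort
}

# user_outblock UID on|off
# Rejects NEW outgoing TCP connections from processes running under UID. The
# owner match only exists for locally generated packets, so the rule lives in
# OUTPUT; packets of connections the user did not initiate are unaffected.
user_outblock() {
    uid=$1
    mode=$2
    case "$uid" in ''|*[!0-9]*) echo "Error: numeric UID expected" >&2; return 1 ;; esac
    case "$mode" in
    on)
        action="-I"
        rec_check user-outblock "$uid" "UID $uid already blocked" on || return 1
        record user-outblock "$uid"
        ;;
    off)
        action="-D"
        rec_check user-outblock "$uid" "UID $uid not currently blocked" off || return 1
        unrecord user-outblock "$uid"
        ;;
    *)
        echo "Error: \"off\" or \"on\" expected as second argument" >&2
        return 1
        ;;
    esac
    $IPTABLES $action OUTPUT -p tcp -m state --state NEW -m owner --uid-owner "$uid" -j REJECT
    echo "UID $uid block $mode."
}
```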
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(title):383
msgid "Resources"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(title):385
msgid "Tarballs"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):388
msgid "Because I've found these dynamic firewall scripts so helpful, I've put together a neat little tarball (<uri link=\"/doc/en/articles/files/dynfw-1.0.1.tar.bz2\">dynfw-1.0.1.tar.bz2</uri>) that you can download and install on your machine."
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):395
msgid "To install, extract the tarball and run the included <c>install.sh</c> script. This script will install a shared bash script to <path>/usr/local/share/dynfw.sh</path>, and install the dynamic firewall scripts themselves to <path>/usr/local/sbin</path>. If you'd like them to end up in <path>/usr/share</path> and <path>/usr/sbin</path> instead, simply type this before running <c>install.sh</c>:"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(pre:caption):404
msgid "Exporting location of install directory"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(pre):404
#, no-wrap
msgid "\n# <i>export PREFIX=/usr</i>\n"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):408
msgid "I've also added a <uri link=\"/proj/en/dynfw.xml\">dynamic firewall scripts</uri> page to the Gentoo Linux Web site that you can visit to get the latest version of the tarball. I'd like to continue improving and adding to the collection, making a truly useful resource for sysadmins planetwide. Now that we have iptables in the kernel, it's time to start taking advantage of it!"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):416
msgid "If all this iptables firewall stuff is new to you, I highly recommend my Linux <uri link=\"http://www-128.ibm.com/developerworks/edu/l-dw-linuxfw-i.html\">2.4 stateful firewall tutorial</uri> (registration required), containing complete instructions on how to design your own iptables-based stateful firewall."
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):423
msgid "<uri link=\"http://www.tcpdump.org/\">tcpdump</uri> is an essential tool for exploring low-level packet exchanges and verifying that your firewall is working correctly. If you don't have it, get it. If you've got it, start using it. If you're using it... good for you. :)"
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):430
msgid "Visit the <uri link=\"http://netfilter.samba.org\">home page for the netfilter team</uri> to find lots of excellent resources, including the iptables sources, and Rusty's excellent <uri link=\"http://netfilter.samba.org/unreliable-guides/index.html\">unreliable guides</uri>. These include a basic networking concepts HOWTO, a netfilter (iptables) HOWTO, a NAT HOWTO, and a netfilter hacking HOWTO for developers. There's also a <uri link=\"http://netfilter.org/documentation/index.html#documentation-faq\">netfilter FAQ</uri> available, as well as other things."
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):442
msgid "Thankfully, there are a lot of good online netfilter resources; however, don't forget the basics. The iptables man page is very detailed and is a shining example of what a man page should be."
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):448
msgid "There's now an <uri link=\"http://www.ds9a.nl/2.4Routing/\">Advanced Linux Routing and Traffic Control HOWTO</uri> available. There's a good section that shows how to use iptables to mark packets, and then use Linux routing functionality to route the packets based on these marks."
msgstr ""
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(p):455
msgid "There's a <uri link=\"http://netfilter.org/mailinglists.html#ml-user\">netfilter (iptables) mailing list</uri> available, as well as one for <uri link=\"http://netfilter.org/mailinglists.html#ml-devel\">netfilter developers</uri>. You can also access the mailing list archives at these URLs."
msgstr ""
#. Place here names of translator, one per line. Format should be NAME; ROLE; E-MAIL
#: ../../gentoo/xml/htdocs/doc/en/articles/dynamic-iptables-firewalls.xml(None):0
msgid "translator-credits"
msgstr ""