Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

A project of this popularity and maturity essentially announcing they're shuttering because a single long-term contributor is retiring.. if ever there was a damning indictment of modern consumption-driven open source, I don't know what is


I feel like most open source projects are like that.

https://github.com/antirez/redis/pulse/monthly

https://github.com/django/django/pulse/monthly

https://github.com/moby/moby/pulse/monthly


I feel like many non-open-source projects are like that, too. I've worked on more than one corporate project where the original programmer was the only person who really understood how half of it worked, and still wrote most of the code. When he left, the project died.


Was that supposed to be an irony or you didn't really check those links? All those projects have tons of commits and activity going on, by multiple people (35 in the case of Django!).


Redis page is a good example, the other 2 not so much..

Check the "Contributors" page -- Redis has probably 95% of commits/code-volume from 2009 to 2019 by antirez himself. Yes there are other contributors but they make up a minority share.

https://github.com/antirez/redis/graphs/contributors


I don't understand. Everything you linked has multiple authors/contributors. It's the opposite of a sole author.


It is possible the maintainers of the various OS distribution packages will band together and maintain development.

BTW, what's the general recommendation for people looking to migrate to another Linux firewall package?


fwbuilder will export rules from its GUI to a whole bunch of different firewalls. When you change firewalls, just re-export/compile.

http://fwbuilder.sourceforge.net/4.0/features.shtml


iptables-persistent on Debian. Or iptables-services on redhat


Bleah, iptables is rather hostile. Sure, you have a webserver, add a rule to allow TCP over 80. Later you revisit, decide you need to add 443. So you do the obvious and change "80" to "80,443". Which fails. Turns out there's a completely different way to match multiple ports. Or you could write a rule per port... making mistakes much more likely and much harder to spot.


I love it, but it's not a wrapper. It's just a dead-simple mechanism for making iptables persistent.

The cool thing is that /etc/iptables/rules.v4 and /etc/iptables/rules.v6 get loaded at bootup. So if you're living dangerously, you just use /etc/iptables/test-rules.v4 or whatever. If you get locked out, just reboot the server. Or have it rebooted, if you don't have a management console.


Test with the live iptables state. Then you can save it with iptables-save > rules.v4

Why do you need a wrapper at all? I looked at shorewall ten years ago and it just made everything more complicated than just doing it raw.

Term is also nice because it still uses iptables syntax.


I'm sure that there are other ways to manage multiple sets of iptables rules. I've just found iptables-persistent to be the easiest.

I do agree on the iptables vs wrapper issue. I started out using Shorewall, and then ufw. But once I started learning iptables, I decided that it was simpler to just use it.


personally I use a script I developed a while ago for doing iptables directly, using awk to parse some txt files to apply the firewall config and then adding a script to execute the iptables script on boot:

https://github.com/benkillin/linux-firewall

the ip6 section needs some further development though - I have no need for it in my scenario at the moment.


What’s modern about it? The guy has been at it for twenty years. And it’s always been this way.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: