Sign in with
Sign up | Sign in
Your question

Win2k or Win32 IPTABLES

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
February 12, 2005 9:57:54 PM

Archived from groups: comp.os.linux.networking,microsoft.public.security,microsoft.public.win2000.security,comp.os.ms-windows.networking,microsoft.public.win2000.networking (More info?)

Hi,
Does anyone know where I can find a Win32 or at least Win2k version of
iptables?

my apologies for the crossposting.

More about : win2k win32 iptables

Anonymous
a b 8 Security
February 13, 2005 2:03:04 AM

Archived from groups: microsoft.public.security,microsoft.public.win2000.networking,microsoft.public.win2000.security (More info?)

The closest Windows firewall application to IPTABLES is Kerio WinRoute
Firewall if you need NAT, routing, stateful inspection firewalling, Internet
sharing, VPN pass-thru support, and AD integration.

If you just need a desktop firewall, the best IPTABLES firewall for Win2k
was TinyPersonal Firewall (it has a CheckPoint-like UI and has great logging
ability). If you can find a copy of 2.1, that was the best CheckPoint-like
version.
Anonymous
a b 8 Security
February 13, 2005 11:33:05 AM

Archived from groups: comp.os.linux.networking,microsoft.public.security,microsoft.public.win2000.security,comp.os.ms-windows.networking,microsoft.public.win2000.networking (More info?)

In comp.os.linux.networking goonmunster <egon.phillips@sympatico.ca>:
> Hi,
> Does anyone know where I can find a Win32 or at least Win2k version of
> iptables?

No such thing, iptables is the Linux kernel 2.4/2.6 built-in
state-full firewall (To be correct 'iptables' is just the name of
the user-space tool to manipulate firewall settings). Simply
install Linux if you want to enjoy all those great features.;)

Good luck

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 17: fat electrons in the lines
Related resources
Anonymous
a b 8 Security
February 13, 2005 11:33:06 AM

Archived from groups: microsoft.public.security,microsoft.public.win2000.networking,microsoft.public.win2000.security (More info?)

Nice...Netfilter.

"Michael Heiming" wrote:

> In comp.os.linux.networking goonmunster <egon.phillips@sympatico.ca>:
> > Hi,
> > Does anyone know where I can find a Win32 or at least Win2k version of
> > iptables?
>
> No such thing, iptables is the Linux kernel 2.4/2.6 built-in
> state-full firewall (To be correct 'iptables' is just the name of
> the user-space tool to manipulate firewall settings). Simply
> install Linux if you want to enjoy all those great features.;)
>
> Good luck
>
> --
> Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
> mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
> #bofh excuse 17: fat electrons in the lines
>
Anonymous
a b 8 Security
February 13, 2005 1:34:46 PM

Archived from groups: comp.os.linux.networking,microsoft.public.security,microsoft.public.win2000.security,comp.os.ms-windows.networking,microsoft.public.win2000.networking (More info?)

goonmunster wrote:
> Hi,
> Does anyone know where I can find a Win32 or at least Win2k version of
> iptables?

I think you will have to wait until Bill Gates steals the code from
Netfilter and insert it in their *closed source* OS.

Regards.

--

Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
Anonymous
a b 8 Security
February 13, 2005 2:15:33 PM

Archived from groups: comp.os.linux.networking,microsoft.public.security,microsoft.public.win2000.security,comp.os.ms-windows.networking,microsoft.public.win2000.networking (More info?)

Netfilter/iptables are the Linux kernel features and as such are only
available for Linux, not even for Unices, let alone Windows.

--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-

"goonmunster" <egon.phillips@sympatico.ca> wrote in message
news:RHwPd.35529$Ub4.1652621@news20.bellglobal.com...
> Hi,
> Does anyone know where I can find a Win32 or at least Win2k version of
> iptables?
>
> my apologies for the crossposting.
Anonymous
a b 8 Security
February 13, 2005 5:46:01 PM

Archived from groups: comp.os.linux.networking,microsoft.public.security,microsoft.public.win2000.security,microsoft.public.win2000.networking (More info?)

Thanks for your response. We been using iptables/netfilter on a
community webserver for the past 8 months. Myself, I've used
zonealarm and tpf in the past, but was hoping to find something that
uses few resources, does not require a gui, takes advantage of text
based script, and can send/write logs to event viewers logs. In any
case thanks for your help.

BTW, Assuming Netfilter/iptables is written in C, either a hook at one
level or another, or binary instrumentation could be used as a
mechanism to pass the necessary info into and out of a win32 IPTABLES
DLL. Is there some reason why the netfilter/iptables code can't be
ported to win32?

Enjoy your Valantines day.
Anonymous
a b 8 Security
February 14, 2005 12:07:01 AM

Archived from groups: microsoft.public.security,microsoft.public.win2000.networking,microsoft.public.win2000.security (More info?)

Try Kerio WinRoute.

It operates like IPTables\Firestarter.

"goonmunster" wrote:

> Thanks for your response. We been using iptables/netfilter on a
> community webserver for the past 8 months. Myself, I've used
> zonealarm and tpf in the past, but was hoping to find something that
> uses few resources, does not require a gui, takes advantage of text
> based script, and can send/write logs to event viewers logs. In any
> case thanks for your help.
>
> BTW, Assuming Netfilter/iptables is written in C, either a hook at one
> level or another, or binary instrumentation could be used as a
> mechanism to pass the necessary info into and out of a win32 IPTABLES
> DLL. Is there some reason why the netfilter/iptables code can't be
> ported to win32?
>
> Enjoy your Valantines day.
>
>
Anonymous
a b 8 Security
February 14, 2005 1:10:57 AM

Archived from groups: comp.os.linux.networking,microsoft.public.security,microsoft.public.win2000.security,comp.os.ms-windows.networking,microsoft.public.win2000.networking (More info?)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

goonmunster wrote:
[snip]
> BTW, Assuming Netfilter/iptables is written in C, either a hook at one
> level or another, or binary instrumentation could be used as a
> mechanism to pass the necessary info into and out of a win32 IPTABLES
> DLL. Is there some reason why the netfilter/iptables code can't be
> ported to win32?

Besides the differences at the network API level between MSWindows and the
unixish systems that use Netfilter, the only restriction would be one of licence.

Netfilter is GPL open source, and any use of Netfilter must conform to the GPL
licence. This means that, if Microsoft incorporated Netfilter into MSWindows,
they most likely would have to release the entirety of MSWindows as Open
Source GPL code. However, it might be possible for a third-party to build
/just/ Netfilter as a DLL, and release it /alone/ as an Open Source product
under the GPL without affecting the licence for MSWindows.


- --
Lew Pitcher

Master Codewright & JOAT-in-training | GPG public key available on request
Registered Linux User #112576 (http://counter.li.org/)
Slackware - Because I know what I'm doing.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCEBbBagVFX4UWr64RArrxAKCZMsqanEevq1HL4ecFq/VE1Q2rwgCgqDRq
EbhifEpTETcyf4FvuP9vlGY=
=zWdF
-----END PGP SIGNATURE-----
Anonymous
a b 8 Security
February 14, 2005 3:05:52 AM

Archived from groups: comp.os.linux.networking,microsoft.public.security,microsoft.public.win2000.security,comp.os.ms-windows.networking,microsoft.public.win2000.networking (More info?)

On Sun, 13 Feb 2005 14:46:01 -0800, goonmunster wrote:

> BTW, Assuming Netfilter/iptables is written in C, either a hook at one
> level or another, or binary instrumentation could be used as a
> mechanism to pass the necessary info into and out of a win32 IPTABLES
> DLL. Is there some reason why the netfilter/iptables code can't be
> ported to win32?
>

Yes, It will become infested
Anonymous
a b 8 Security
February 14, 2005 2:50:14 PM

Archived from groups: comp.os.linux.networking,microsoft.public.security,microsoft.public.win2000.security,comp.os.ms-windows.networking,microsoft.public.win2000.networking (More info?)

goonmunster wrote:
> BTW, Assuming Netfilter/iptables is written in C, either a hook at one
> level or another, or binary instrumentation could be used as a
> mechanism to pass the necessary info into and out of a win32 IPTABLES
> DLL. Is there some reason why the netfilter/iptables code can't be
> ported to win32?

Yes. The routing and the network stacks are so different and the
Netfilter code it's so integrated with the Linux network stack and
routing code that it makes it impossible to do something similar
with Win32.

> Enjoy your Valantines day.

Thanks and Regards.

--

Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
Anonymous
a b 8 Security
February 14, 2005 10:53:51 PM

Archived from groups: comp.os.linux.networking,microsoft.public.security,microsoft.public.win2000.security,microsoft.public.win2000.networking (More info?)

In comp.os.linux.networking goonmunster <egon.phillips@sympatico.ca>:
> Thanks for your response. We been using iptables/netfilter on a
> community webserver for the past 8 months. Myself, I've used
> zonealarm and tpf in the past, but was hoping to find something that
> uses few resources, does not require a gui, takes advantage of text
> based script, and can send/write logs to event viewers logs. In any
> case thanks for your help.

> BTW, Assuming Netfilter/iptables is written in C, either a hook at one
> level or another, or binary instrumentation could be used as a
> mechanism to pass the necessary info into and out of a win32 IPTABLES
> DLL. Is there some reason why the netfilter/iptables code can't be
> ported to win32?

"iptables" is only the user-space tool to manipulate the linux
kernel firewall.

These are the kernel modules concerning iptables loaded on my
box:

Module Size Used by
ipt_TCPMSS 3840 1
ipt_REJECT 5696 7
ipt_LOG 6784 7
ipt_limit 2368 8
ipt_state 1920 40
iptable_mangle 2496 0
iptable_nat 22108 1
ip_conntrack 42376 2 ipt_state,iptable_nat
iptable_filter 2624 1
ip_tables 21456 8 ipt_TCPMSS,ipt_REJECT,ipt_LOG,ipt_limit,ipt_state,
iptable_mangle,iptable_nat,iptable_filter

It's highly doubt-able you could port this, but why bother?
Simply install Linux if you want iptables.;)

> Enjoy your Valantines day.

Thx!

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 111: The salesman drove over the CPU board.
Anonymous
a b 8 Security
February 15, 2005 6:23:40 PM

Archived from groups: comp.os.linux.networking,microsoft.public.security,microsoft.public.win2000.security,microsoft.public.win2000.networking (More info?)

"Jose Maria Lopez Hernandez" <jkerouac@bgsec.com> wrote:

Xposts without fup2 are EVIL; fup2 microsoft.public.security set!

> goonmunster wrote:
> > BTW, Assuming Netfilter/iptables is written in C, either a hook at one
> > level or another, or binary instrumentation could be used as a
> > mechanism to pass the necessary info into and out of a win32 IPTABLES
> > DLL. Is there some reason why the netfilter/iptables code can't be
> > ported to win32?
>
> Yes. The routing and the network stacks are so different and the
> Netfilter code it's so integrated with the Linux network stack and
> routing code that it makes it impossible to do something similar
> with Win32.

You should take a deep breath and have a look at:

- IPF from http://www.thehackerschoice.com/

- wipfw by Ruslan Staritsin from http://www.ntkernel.com/

- TPckFilter by Jesús Oliva

- PktFilter by Jean-Baptiste Marchand from http://www.hsc.fr/
(you'll find his name under the credits on one of the latest MS05-0xx
security bulletins!)

They all use the (since NT4!) builtin IPv4 filter and are interfaces to
define it's rules!

Stefan
Anonymous
a b 8 Security
February 16, 2005 12:51:57 AM

Archived from groups: comp.os.linux.networking,microsoft.public.security,microsoft.public.win2000.security,comp.os.ms-windows.networking,microsoft.public.win2000.networking (More info?)

Hi Lew:

"Lew Pitcher" <lpitcher@sympatico.ca> wrote in message
news:p EUPd.136$4I5.89855@news20.bellglobal.com...

> Besides the differences at the network API level between MSWindows and the
> unixish systems that use Netfilter, the only restriction would be one of
licence.

There is awful lot of GPL software available for Windows. That is definitely
not a problem - but the network API is.

--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-
Anonymous
a b 8 Security
February 17, 2005 1:03:07 AM

Archived from groups: comp.os.linux.networking,microsoft.public.security,microsoft.public.win2000.security,comp.os.ms-windows.networking,microsoft.public.win2000.networking (More info?)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In comp.os.linux.networking, S. Pidgorny <MVP> wrote:
> Hi Lew:
>
> "Lew Pitcher" <lpitcher@sympatico.ca> wrote in message
> news:p EUPd.136$4I5.89855@news20.bellglobal.com...
>
>
>>Besides the differences at the network API level between MSWindows and the
>>unixish systems that use Netfilter, the only restriction would be one of
>>licence.
>
> There is awful lot of GPL software available for Windows.
> That is definitely not a problem

It might be, especially with something like Netfilter. Netfilter is GPL'ed
software, which means that any software that incorporates it must also be
GPL'ed software.

The internal hooks in MSWindows that an MSWindows port of Netfilter would have
to connect to would not be licenced under the GPL. The interface sources (i.e.
the .H files, for instance) would not be licenced under the GPL. Some of the
necessary dependant services (i.e. MSWindows service DLLs) would not be
licenced under the GPL. The person who ports Netfilter to MSWindows would have
to reconcile the various licences, such that the released MSWindows Netfilter
still conforms to the GPL, but this might not be possible if those other
licences forbid their component's use in GPL'ed code.

In other words, the implementor would have to be /very/ carefull about licence
issues.

FWIW, the part of the GPL that I'm thinking of reads...
"These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
* ------------
distribute the same sections as part of a whole which is a work based
* ---------------------------------------------------------------------
on the Program, the distribution of the whole must be on the terms of
* ---------------------------------------------------------------------
this License, whose permissions for other licensees extend to the
* -----------------------------------------------------------------
entire whole, and thus to each and every part regardless of who wrote it."
* -------------------------------------------------------------------------

This paragraph refers to the requirements in incorporating GPL'ed software into
a new program, such as a GPL'ed Linux Netfilter into a new MSWindows Netfilter.

> - but the network API is.

That would be my bet as the critical problem to implementing Netfilter for
MSWindows.

- --
Lew Pitcher

Master Codewright and JOAT-in-training
Registered Linux User #112576 (http://counter.li.org/)
Slackware - Because I know what I'm doing.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCFAlragVFX4UWr64RAtDtAJsHU3NI57Szqr2dbLpBxhECLAzuOQCfR88c
0YsI24VwNmkKMOhUSJof5/M=
=EUjK
-----END PGP SIGNATURE-----
Anonymous
a b 8 Security
February 17, 2005 1:03:08 AM

Archived from groups: comp.os.linux.networking,microsoft.public.security,microsoft.public.win2000.security,comp.os.ms-windows.networking,microsoft.public.win2000.networking (More info?)

"Lew Pitcher" <lpitcher@sympatico.ca> wrote in message
news:EITQd.18087$4I5.884210@news20.bellglobal.com...

>>>Besides the differences at the network API level between MSWindows and
>>>the
>>>unixish systems that use Netfilter, the only restriction would be one of
>>>licence.

>> There is awful lot of GPL software available for Windows.
>> That is definitely not a problem

Right. The API is a license boundary. It's like two books sitting on
your bookshelf.

> It might be, especially with something like Netfilter. Netfilter is GPL'ed
> software, which means that any software that incorporates it must also be
> GPL'ed software.

Correct, where 'incorporates' means that there is no boundary between
the two bits.

> The internal hooks in MSWindows that an MSWindows port of Netfilter would
> have
> to connect to would not be licenced under the GPL.

Doesn't matter. The hooks are a license boundary.

> The interface sources (i.e.
> the .H files, for instance) would not be licenced under the GPL.

The way you usually resolve this is you either put the header files into
the public domain or you write your own header files under a totally open
license.

> Some of the
> necessary dependant services (i.e. MSWindows service DLLs) would not be
> licenced under the GPL.

That doesn't matter. So long as there's an API, there's a license
boundary.

Imagine what would happen if you assume that the program has to be under
the same license as the service DLLs. Now someone else makes another set of
service DLLs that implements the same API. Which one does the program have
to have the same license as?

> The person who ports Netfilter to MSWindows would have
> to reconcile the various licences, such that the released MSWindows
> Netfilter
> still conforms to the GPL, but this might not be possible if those other
> licences forbid their component's use in GPL'ed code.

I have never seen a EULA or shrink-wrap agreement that did this. No
other type of license would have that power, because ordinary licenses
cannot restrict ordinary use, which this is.

> In other words, the implementor would have to be /very/ carefull about
> licence
> issues.

Well, that's certainly true. But most likely it would turn out not to be
a problem unless you did something unusual.

> FWIW, the part of the GPL that I'm thinking of reads...
> "These requirements apply to the modified work as a whole. If
> identifiable sections of that work are not derived from the Program,
> and can be reasonably considered independent and separate works in
> themselves, then this License, and its terms, do not apply to those
> sections when you distribute them as separate works. But when you
> * ------------
> distribute the same sections as part of a whole which is a work based
> * ---------------------------------------------------------------------
> on the Program, the distribution of the whole must be on the terms of
> * ---------------------------------------------------------------------
> this License, whose permissions for other licensees extend to the
> * -----------------------------------------------------------------
> entire whole, and thus to each and every part regardless of who wrote
> it."
>
> -------------------------------------------------------------------------
>
> This paragraph refers to the requirements in incorporating GPL'ed software
> into
> a new program, such as a GPL'ed Linux Netfilter into a new MSWindows
> Netfilter.

Except that this does not constitute a 'whole work'. An operating system
and the program running on it are not a 'whole work' even if they're
distributed together. License boundaries (such as defined APIs) separate
distinct works.

>> - but the network API is.
>
> That would be my bet as the critical problem to implementing Netfilter for
> MSWindows.

I don't know enough about the specifics. Does there exist a header file
that has a GPL-compatible license? Or is it easy to create one? So long as
there is an API and the Netfilter could theoretically work with another
implementation of that same API, there's no problem.

DS
Anonymous
a b 8 Security
February 17, 2005 1:47:57 AM

Archived from groups: comp.os.linux.networking,microsoft.public.security,microsoft.public.win2000.security,comp.os.ms-windows.networking,microsoft.public.win2000.networking (More info?)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Schwartz wrote:
> "Lew Pitcher" <lpitcher@sympatico.ca> wrote in message
> news:EITQd.18087$4I5.884210@news20.bellglobal.com...
>
>
>>>>Besides the differences at the network API level between MSWindows and
>>>>the
>>>>unixish systems that use Netfilter, the only restriction would be one of
>>>>licence.
>
>
>>>There is awful lot of GPL software available for Windows.
>>>That is definitely not a problem
>
>
> Right. The API is a license boundary. It's like two books sitting on
> your bookshelf.
>
>
>>It might be, especially with something like Netfilter. Netfilter is GPL'ed
>>software, which means that any software that incorporates it must also be
>>GPL'ed software.
>
>
> Correct, where 'incorporates' means that there is no boundary between
> the two bits.
>
>
>>The internal hooks in MSWindows that an MSWindows port of Netfilter would
>>have
>>to connect to would not be licenced under the GPL.
>
>
> Doesn't matter. The hooks are a license boundary.
>
>
>>The interface sources (i.e.
>>the .H files, for instance) would not be licenced under the GPL.
>
>
> The way you usually resolve this is you either put the header files into
> the public domain or you write your own header files under a totally open
> license.
>
>
>>Some of the
>>necessary dependant services (i.e. MSWindows service DLLs) would not be
>>licenced under the GPL.
>
>
> That doesn't matter. So long as there's an API, there's a license
> boundary.
>
> Imagine what would happen if you assume that the program has to be under
> the same license as the service DLLs. Now someone else makes another set of
> service DLLs that implements the same API. Which one does the program have
> to have the same license as?
>
>
>>The person who ports Netfilter to MSWindows would have
>>to reconcile the various licences, such that the released MSWindows
>>Netfilter
>>still conforms to the GPL, but this might not be possible if those other
>>licences forbid their component's use in GPL'ed code.
>
>
> I have never seen a EULA or shrink-wrap agreement that did this. No
> other type of license would have that power, because ordinary licenses
> cannot restrict ordinary use, which this is.

IIRC, Microsoft has already issued EULAs on some of it's products that forbid
the use of the products to create GPL'ed software. I assume that (for
instance) a developer porting Netfilter to MSWindows would have to check the
EULA of his MS Visual C++ installation for restrictions if he were to use
MSVC++ to recompile Netfilter for distribution.

Similarly, Microsoft (or others) might have licenced their DLLs such that they
are not legally usable with GPLed software. Are you /sure/ you read and
understood /every/ EULA for every DLL on your system?

>>In other words, the implementor would have to be /very/ carefull about
>>licence
>>issues.
>
>
> Well, that's certainly true. But most likely it would turn out not to be
> a problem unless you did something unusual.

This is system level code, which would run in MSWindows. That puts this
proposal square in the middle of 'something unusual' ;-)

>>FWIW, the part of the GPL that I'm thinking of reads...
>> "These requirements apply to the modified work as a whole. If
>> identifiable sections of that work are not derived from the Program,
>> and can be reasonably considered independent and separate works in
>> themselves, then this License, and its terms, do not apply to those
>> sections when you distribute them as separate works. But when you
>>* ------------
>> distribute the same sections as part of a whole which is a work based
>>* ---------------------------------------------------------------------
>> on the Program, the distribution of the whole must be on the terms of
>>* ---------------------------------------------------------------------
>> this License, whose permissions for other licensees extend to the
>>* -----------------------------------------------------------------
>> entire whole, and thus to each and every part regardless of who wrote
>>it."
>>
>> -------------------------------------------------------------------------
>>
>>This paragraph refers to the requirements in incorporating GPL'ed software
>>into
>>a new program, such as a GPL'ed Linux Netfilter into a new MSWindows
>>Netfilter.
>
>
> Except that this does not constitute a 'whole work'. An operating system
> and the program running on it are not a 'whole work' even if they're
> distributed together. License boundaries (such as defined APIs) separate
> distinct works.

No, but the Netfilter program and any of it's dependant DLLs would be
considered a "whole work". And if the program uses code with an incompatable
licence, or the DLLs are not licenced for use with a GPL program, then legal
h*ll breaks loose.

>>>- but the network API is.
>>
>>That would be my bet as the critical problem to implementing Netfilter for
>>MSWindows.
>
>
> I don't know enough about the specifics. Does there exist a header file
> that has a GPL-compatible license? Or is it easy to create one? So long as
> there is an API and the Netfilter could theoretically work with another
> implementation of that same API, there's no problem.

A translation of a header file (i.e changing variable names, etc.) or a
transcription of a header file (i.e. typing it in from a copy) would be
considered "derived works" of the original header file, and fall under the
requirements of the original header's copyright and licence. Thus, an
MSWindows header (say for WinSock), even if rewritten by someone else, likely
could not be used in a GPL'ed work.

- From what I've heard, the Linux Kernel gurus have debated this same issue, but
from the Linux side. Their conclusion seems to be that, if a kernel module
uses a Linux kernel header, then the module must be GPL'ed. /Only/ if the
module uses no kernel code (including headers) can it be propriatary
(although, they dislike propriatary modules in the kernel).


- --
Lew Pitcher

Master Codewright & JOAT-in-training | GPG public key available on request
Registered Linux User #112576 (http://counter.li.org/)
Slackware - Because I know what I'm doing.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCFBPtagVFX4UWr64RAvJpAJ0WvbqzM2cA2Qnx5U+DdjcgyBQ3RgCfesYL
IooQczeX2xsFVSXSk4U0N/g=
=Q7mv
-----END PGP SIGNATURE-----
Anonymous
a b 8 Security
February 17, 2005 1:53:08 AM

Archived from groups: comp.os.linux.networking,microsoft.public.security,microsoft.public.win2000.security,comp.os.ms-windows.networking,microsoft.public.win2000.networking (More info?)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lew Pitcher wrote:
> David Schwartz wrote:
[snip]
>>> I have never seen a EULA or shrink-wrap agreement that did this. No
>>>other type of license would have that power, because ordinary licenses
>>>cannot restrict ordinary use, which this is.
>
>
> IIRC, Microsoft has already issued EULAs on some of it's products that forbid
> the use of the products to create GPL'ed software.

Specifically, the licence for "Microsoft Mobile Internet Toolkit Beta 2"
contained a restriction that said

"(c) Open Source. Recipient's license rights to the Software are conditioned
upon Recipient (i) not distributing such Software, in whole or in part, in
conjunction with Potentially Viral Software (as defined below); and (ii) not
using Potentially Viral Software (e.g. tools) to develop Recipient software
which includes the Software, in whole or in part. For purposes of the
foregoing, "Potentially Viral Software" means software which is licensed
pursuant to terms that: (x) create, or purport to create, obligations for
Microsoft with respect to the Software or (y) grant, or purport to grant, to
any third party any rights to or immunities under Microsoft's intellectual
property or proprietary rights in the Software.

By way of example but not limitation of the foregoing, Recipient shall not
distribute the Software, in whole or in part, in conjunction with any Publicly
Available Software.

"Publicly Available Software" means each of (i) any software that contains, or
is derived in any manner (in whole or in part) from, any software that is
distributed as free software, open source software (e.g. Linux) or similar
licensing or distribution models; and (ii) any software that requires as a
condition of use, modification and/or distribution of such software that other
software distributed with such software (A) be disclosed or distributed in
source code form; (B) be licensed for the purpose of making derivative works;
or (C) be redistributable at no charge. Publicly Available Software includes,
without limitation, software licensed or distributed under any of the
following licenses or distribution models, or licenses or distribution models
similar to any of the following: (A) GNU's General Public License (GPL) or
Lesser/Library GPL (LGPL), (B) The Artistic License (e.g., PERL), (C) the
Mozilla Public License, (D) the Netscape Public License, (E) the Sun Community
Source License (SCSL), and (F) the Sun Industry Standards License (SISL)."


> I assume that (for
> instance) a developer porting Netfilter to MSWindows would have to check the
> EULA of his MS Visual C++ installation for restrictions if he were to use
> MSVC++ to recompile Netfilter for distribution.
>
> Similarly, Microsoft (or others) might have licenced their DLLs such that they
> are not legally usable with GPLed software. Are you /sure/ you read and
> understood /every/ EULA for every DLL on your system?

[snip]

- --
Lew Pitcher

Master Codewright & JOAT-in-training | GPG public key available on request
Registered Linux User #112576 (http://counter.li.org/)
Slackware - Because I know what I'm doing.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCFBUkagVFX4UWr64RAiocAJ4lhpMCUDVwROFYImaQAe1D1FFn/QCdHFrx
LQYYTfutIjauNHm2DXicBWw=
=Dv9Y
-----END PGP SIGNATURE-----
Anonymous
a b 8 Security
February 19, 2005 2:32:42 PM

Archived from groups: comp.os.linux.networking,microsoft.public.security,microsoft.public.win2000.security,comp.os.ms-windows.networking,microsoft.public.win2000.networking (More info?)

G'day:

"Lew Pitcher" <lpitcher@sympatico.ca> wrote in message
news:EITQd.18087$4I5.884210@news20.bellglobal.com...

> The internal hooks in MSWindows that an MSWindows port of Netfilter would
have
> to connect to would not be licenced under the GPL. The interface sources
(i.e.
> the .H files, for instance) would not be licenced under the GPL. Some of
the
> necessary dependant services (i.e. MSWindows service DLLs) would not be
> licenced under the GPL. The person who ports Netfilter to MSWindows would
have
> to reconcile the various licences, such that the released MSWindows
Netfilter
> still conforms to the GPL, but this might not be possible if those other
> licences forbid their component's use in GPL'ed code.

Nope - I only need to "reconcile" licenses if I'm redistributing Microsoft
or 3rd-party components, libraries etc. If I'm just calling Windows APIs, I
can use GPL, LGPL, PRCL, BSD license or whatever I want.

--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-
!