Christopher, Of course Arno's is staying. Justin mis-typed in one spot and Philip can't look beyond literal sometimes. (He's a no means no kinda guy).
What we're trying to establish is which exact feature exists in astfw that does not exist in Arno's fw. The only one that I'm aware of is the idea of a 'dmz-ip' where all unfiltered incoming traffic is directed to the dmz-ip rather than the astlinux box. So for example: You have an existing firewall appliance in place. You put an Astlinux box in front of it to handle voice functions and act as the network gateway (since it has the cool traffic shaping stuff). You'd then assign static IP address of 10.0.0.2 to the old firewall and define 10.0.0.2 as the 'dmz-ip'. You'd then have rules for say sip traffic and ssh pointing to the Astlinux device via Arno fw rules. All other traffic would be directed, unfiltered to the dmz-ip address. What we're trying to replicate is the so called 'dmz-plus' feature found on certain router/firewalls. In those cases, the router behind the other router would actually have the public IP address. This is how my U-verse modem works. It has a built in router that can't be disabled. But I can put another router behind it. That router dhcp's for an address and somehow receives the public IP address. That's really the only functionality that I'm aware that's missing from Arno's fw (or at least not easily configured) that is present in astfw. Darrick Chris Abnett wrote: > I sure hope arno stays in.. I *REALLY* like it and its so easy to set up! > -Christopher > > -----Original Message----- > From: Philip Prindeville [mailto:philipp_s...@redfish-solutions.com] > Sent: Friday, May 01, 2009 5:16 PM > To: AstLinux Users Mailing List > Subject: Re: [Astlinux-users] Killing off astfw+astshape in 0.7 > > "Remove arno"? I think we're going in the opposite direction... > ------------------------------------------------------------------------------ Register Now & Save for Velocity, the Web Performance & Operations Conference from O'Reilly Media. Velocity features a full day of expert-led, hands-on workshops and two days of sessions from industry leaders in dedicated Performance & Operations tracks. Use code vel09scf and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
