With regard to both posts talking about additional fields, I would be
careful. If you want it to be applicable to any packet filter, then you
can't use fields which don't have analogous fields in some packet
filters. FORWARD, for example, is implied by some packet filters by a
PERMIT; packet filters don't all include masquerading blah blah blah.

My $.02.


-----Original Message-----
From: Vincent de Lau [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 18, 2000 3:12 AM
To: 'Michael T. Babcock'; Henry Sieff
Cc: 'Michael E. Cummins'; [EMAIL PROTECTED]; HAL ROTTENBERG
(HP-USA,ex1) (E-mail); Mandy Andress (E-mail); Vincent de Lau;
'William Bartholomew' (E-mail); 'Mike Forrester'
Subject: RE: Firewall Rules Database / FirewallReviews.COM proposal




> -----Original Message-----
> From: Michael T. Babcock [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, October 17, 2000 21:05
> Henry Sieff wrote:
> 
> > For firewall rules:
> > Common Name (Common Name of Service)
> > Direction (Outbound/Inbound)
> 
> add Forwarded
> 
> > IP Protocol (UDP/TCP/ICMP/?)
> 
> By protocol number-name mapping in /etc/protocols
> 
> > Source Address (IP source)
> 
> And/or Ethernet hardware address and/or device (to be) used.
> 
> > Source Port (or ICMP Service Number)
> > Destination Address
> > Dest Port
> > Action (Accept/Deny)
> > NAT'able (Yes/No; basically, does NAT break this service)

More possibilities like: Mapped IP (1 to 1), Virtual IP (port mapping
and load balancing) and masquerading (1 to many).

Please forgive me if the terms are incorrect, but these are the ones
used in NetScreen.

> > Proxy Notes (Does a proxy exist; if so, where can you find info on
> > implementing it)
> 
> Redirection -> with priority level (for multiple redirects).
> 
> 
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
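
An added example, not part of the original thread: one way the proposed rule fields could be held as a vendor-neutral record, validated, and rendered for a single packet filter (iptables), with the "Forwarded" direction flagged as non-portable as the reply at the top of the thread cautions. The record layout, function names, the protocol subset and the Deny-to-DROP mapping are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed subset of the /etc/protocols name-to-number mapping.
PROTOCOLS = {"icmp": 1, "tcp": 6, "udp": 17}
# Assumed mapping of the thread's Direction values onto iptables chains.
CHAINS = {"inbound": "INPUT", "outbound": "OUTPUT", "forwarded": "FORWARD"}
# Assumption: "Deny" is rendered as DROP (REJECT would also be a deny).
ACTIONS = {"accept": "ACCEPT", "deny": "DROP"}

@dataclass(frozen=True)
class Rule:
    common_name: str
    direction: str            # inbound / outbound / forwarded
    protocol: str             # name as in /etc/protocols
    source: str               # address or CIDR
    destination: str          # address or CIDR
    dest_port: Optional[int]  # None for ICMP or "any port"
    action: str               # accept / deny
    nat_able: bool = True     # the thread's "NAT'able" flag

def validate(rule: Rule) -> None:
    """Reject records that could not be turned into a sane rule."""
    if rule.direction not in CHAINS:
        raise ValueError(f"unknown direction: {rule.direction!r}")
    if rule.protocol not in PROTOCOLS:
        raise ValueError(f"unknown protocol: {rule.protocol!r}")
    if rule.action not in ACTIONS:
        raise ValueError(f"unknown action: {rule.action!r}")
    if rule.dest_port is not None:
        if rule.protocol not in ("tcp", "udp"):
            raise ValueError("ports only apply to TCP and UDP")
        if not 1 <= rule.dest_port <= 65535:
            raise ValueError("port out of range")

def portability_notes(rule: Rule) -> List[str]:
    """Fields the thread warns have no analogue in every packet filter."""
    return ["direction=forwarded"] if rule.direction == "forwarded" else []

def to_iptables(rule: Rule) -> List[str]:
    """Render the record as an iptables argument list."""
    validate(rule)
    src = str(ipaddress.ip_network(rule.source))  # ValueError if malformed
    dst = str(ipaddress.ip_network(rule.destination))
    args = ["iptables", "-A", CHAINS[rule.direction],
            "-p", rule.protocol, "-s", src, "-d", dst]
    if rule.dest_port is not None:
        args += ["--dport", str(rule.dest_port)]
    return args + ["-j", ACTIONS[rule.action]]

# Constructed sample record: inbound SMTP to a documentation address.
SMTP_IN = Rule("SMTP", "inbound", "tcp", "0.0.0.0/0", "192.0.2.10", 25, "accept")
```
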