On Tue, 2 Jan 2001, Paul Batozech wrote:

> Eric Wolzak wrote:
> >
> > Hello
> > > this sounds interesting. Is the new system going to be 2.4 based? I ask
> > > because 2.4 is supposed to have stateful inspection, which makes firewall
> > > a much more applicable term.
> > I would like that also very much
> > >
> > > I'd be interested in helping out on a firewall script system, but I don't
> > > have a great deal of time. Have you checked out the existing packages like
> > > seawall and Matthew Grant's firewall.rc?
>
> I'd be interested also, although I'm far from an expert I do enjoy shell
> scripting:)
> I contributed a few small parts to Matthew Grant's original script to
> make it work in a dhcp client environment, such as pulling the external
> ip out of ifconfig, some variable assignment and the dhcp rules.
>
> >
> > > What I'd envision is a modular system like the init scripts. So each
> > > service is in a file of about four lines with the proper filtering or
> > > forwarding commands, and linking to the file in a separate directory
> > > includes it. That would be easier to manage via weblet GUI because the
> > > user could use checkboxes to say "port forward FTP to server A" and "don't
> > > forward www to server B".
> > could be a nice way to arrange it that way, there is a lot of traffic on
> > the list from people asking how to implement this or that "standard
> > situation".  Alternatively you could create the whole firewall script
> > according to a web interface so as for example on the firewall-guru
> > site (Ziegler), and put this script on the floppy.
> > Advantage (less code in the distro)
> > disadvantage ( creating the firewall script in a "foreign environment"
> > for the suspicious user ;))
>
> I was impressed with Ziegler's web based config tool, but I must admit
> a little nervous about the 'foreign environment' as well.
>
> Although I've not set up a seawall configuration it seems like a pretty
> good starting point, no?

Hmm, I suppose this means I need to get that VMWare LRP installation
going and install seawall...

>
> A separate package also seems like a good idea, just another .lrp file.
> Those that need it load it, those that don't skip it.
>

Yeah, definitely a separate package.

> > I would like to help, although time is rare as with anybody ;) and I
> > don't know if I have enough experience yet.  But as learning by
> > doing and reading and a lot of enthusiasm is enough for you, I'm
> > on.
>
> Same here, I could use the experience with functions and eval.
>

I could use a clue with functions and eval :-) I've sat through enough
classes to know and appreciate the gospel of OOP, but always had to drop
out of class when assignment 3 turned out to rely on logarithmic math or
some such nastiness.

> >
> > > I'd like to pound out some ideas for specifying &
> > > > controlling the firewall rules (the coding part is easy...the hard part is
> > > > solving the problem).
>
> Along with trying to foresee every strange permutation a user could come
> up with:)
>

I actually don't think this would be too bad, if we do the hard ones and
then provide a template for the easy ones (e.g. passing a single port).

> Regards
> Paul Batozech
>
> >
> > _______________________________________________
> > Leaf-devel mailing list
> > [EMAIL PROTECTED]
> > http://lists.sourceforge.net/mailman/listinfo/leaf-devel
>
>
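
The modular layout proposed in the quoted message above (one small file per service, enabled by linking it into a separate directory), as an added example that is not from this thread or from any LRP package. The directory names, fragment contents, addresses and the use of iptables are assumptions; the loader only prints the commands.

```shell
#!/bin/sh
# Added example. Directory layout, fragment contents and the use of iptables
# are assumptions; nothing here is LRP, seawall or firewall.rc code.

# load_enabled AVAILABLE_DIR ENABLED_DIR
# Runs every fragment that is enabled by a symlink, in glob (sorted) order.
load_enabled() {
    avail=$(readlink -f "$1") || return 1
    FW="echo iptables"             # dry run: print commands; FW=iptables would apply them
    for link in "$2"/*; do
        [ -L "$link" ] || continue                 # a service is enabled only by a symlink
        target=$(readlink -f "$link") || continue
        # Fragments run as root, so refuse anything that is not a regular
        # file inside AVAILABLE_DIR or that other users could rewrite.
        case "$target" in
            "$avail"/*) ;;
            *) echo "skip $link: target outside $avail" >&2; continue ;;
        esac
        if [ ! -f "$target" ] || [ -n "$(find "$target" -perm -002)" ]; then
            echo "skip $link: missing or world-writable" >&2; continue
        fi
        ( . "$target" )                            # subshell: fragment cannot alter the loader
    done
}

# demo: builds a constructed tree in a temp dir and prints what would be loaded.
demo() (
    umask 022
    d=$(mktemp -d) || exit 1
    mkdir "$d/available" "$d/enabled"
    # Constructed sample fragments (private-range addresses, hypothetical servers).
    echo '$FW -t nat -A PREROUTING -p tcp --dport 21 -j DNAT --to-destination 192.168.1.10' > "$d/available/ftp-to-serverA"
    echo '$FW -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.11' > "$d/available/www-to-serverB"
    echo '$FW -A INPUT -j ACCEPT' > "$d/stray"               # lives outside available/
    ln -s ../available/ftp-to-serverA "$d/enabled/50-ftp"    # "port forward FTP to server A"
    ln -s ../stray "$d/enabled/60-stray"                     # must be refused by the loader
    # www-to-serverB has no link: "don't forward www to server B"
    load_enabled "$d/available" "$d/enabled"
    rm -rf "$d"
)

demo
```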

