On Wed, Jan 03, 2001 at 09:31:01AM -0600, David Douthitt wrote:
> On 3 Jan 2001, at 2:32, Charles Steinkuehler wrote:
[...]
> What about things like Mason, which scan typical traffic and
> implement rules to match? Problem with Mason is it relies on Perl
> (not nice in an embedded context).
Ummm, maybe I am out on my own, but what is wrong with having a bulky
fw-builder app that runs on a full machine to generate a light-weight fw
that can be loaded onto the leaf machine?
I realise in the case of Mason it would need to run on the leaf machine
itself, but a lot of discussion seems to be centered around the limitations
of sh scripts for complex interactive fw configuration.
Why not have a full-featured fw-builder, using say python or based on
existing GUI tools, which can generate simple fw-rules lrp's that reduce
the interactive leaf configuration to "choose your fw type...". That way
complex fw's can be built using full-featured tools, and leaf machines can
still be lightweight. Those building CD based leaf machines can still
include the full fw-builder if they want. This way the whole solution is not
compromised by the playoff between features and lightweight-ness.
--
----------------------------------------------------------------------
ABO: finger [EMAIL PROTECTED] for more info, including pgp key
----------------------------------------------------------------------
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/mailman/listinfo/leaf-devel
