On Wed, Jan 03, 2001 at 05:53:52PM -0600, David Douthitt wrote:
> On 3 Jan 2001, at 23:38, Donovan Baarda wrote:
>
> > Ummm, maybe I am out on my own, but what is wrong with having a bulky
> > fw-builder app that runs on a full machine to generate a light-weight
> > fw that can be loaded onto the leaf machine?
>
> What "full machine"? If I'm Mr. Home User with Windows 95, Windows
> NT, and MacOS 9 systems on hand, where's my "full system"? If I'm
> Mr. Home User, I may not have even installed the OSes myself.
There are platform independant tools that could be used to make the
fw-builder so that even Mr Macuser could run it. I've written python apps
that run unchanged on all platforms both with and without GUI's. However,
I'm not sure unskilled people would want to low-level configure and
tweak their firewall anyway.
> What "full machine"? If I'm Mr. UNIX SysAdmin/Wizard, maybe the
> Corporation hasn't installed Linux anywhere yet, and maybe they don't
> have any C compilers on the installed systems....
And if you don't have gcc, you can't compile a leaf kernel. That doesn't
mean you can't download a pre-compiled one.
Perhaps firewalls have reached the point where they have become so complex
it's up to the experts to design and tweak them, so that the majority can
pick the one that best meets their needs. I dunno...
I just suggested this because it seemed a logical (but perhaps compromised)
solution to the tool complexity vs tool size dilema. In any case, I think
it's a good idea to seperate the fw construction/configuration tool from the
fw model/implementation, even if they do both end up on the leaf machine.
But the first thing to do (as others have pointed out), is define the model
before getting tangled up in implementation details.
--
----------------------------------------------------------------------
ABO: finger [EMAIL PROTECTED] for more info, including pgp key
----------------------------------------------------------------------
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/mailman/listinfo/leaf-devel
