David:
Sorry, let me try to clarify:
> > > In my mind, this is THE biggest problem with almost all Script
> > > Generators, whether from the command line or a GUI: if you make
> > > hand-tuned changes, then they will be lost next time the generator
> > > runs.
>
> > This speaks volumes about why any firewall generator should
> > read/write to a .conf file rather than create ipchains commands
> > directly. As Charles said, it's the method of rule specification
> > that's most important, not how the (G)UI looks nor how those rules
> > become ipchains commands. Given a standard, meta-language .conf
> > format, a dozen people could write a dozen UI's, and me the
> > thirteenth guy could still use ae on the .conf to customize the
> > firewall on my machine.
>
> I'm not sure all what you are trying to say here. Sooner or later,
> there HAS to be ipchains commands to make a firewall run.

Let me put it this way:

      Firewall.conf file
    + Firewall.conf parser
    --------------------------
      Executable Firewall Script

In the above, you run the Script to make the firewall run.
You edit the .conf file to customize what the firewall does. And
you run some "OS-specific" parser which turns the .conf file into
ipchains (or ip or ipfwadm or netfilter...or whatever) commands.
A total of three distinct pieces.

> Also, I have a general disdain for anything that requires
> configuration files that are NOT in a text file. How do you modify a
> binary configuration file, unless every binary config file has its
> own editor.... ugh.
I agree the .conf file should be ascii text. One extreme of
ascii, of course, is just XML: ascii with a bunch of clever overhead.
> I'm still interested in a configuration file that uses objects and OO
> to create firewalls - someone called it a formatter; I'm beginning to
> consider it a sort of "firewall rules compiler" or something like
> that. Using ruby is quite tempting, even though it isn't big and
> normally won't be found on a small LRP system.....
>
> Don't know what Ruby is? You should :-) http://www.ruby-lang.org
Reading up on it now.
-Scott
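
The three-piece split described in the message above, as an added example that is not part of the original post or of any LEAF/LRP tool: one text .conf, one validating parser, and a small emitter per packet filter, written in Ruby since the thread mentions it. The .conf syntax and every name here (`SAMPLE_CONF`, `parse_conf`, `compile`, ...) are assumptions made for illustration.

```ruby
# Constructed sample input; this .conf syntax is hypothetical, invented for the example.
SAMPLE_CONF = <<~CONF
  policy input deny
  allow input tcp 192.168.1.0/24 22   # ssh from the LAN only
  allow input tcp any 80
  deny  input udp any 137:139
CONF
CHAINS  = %w[input output forward].freeze
PROTOS  = %w[tcp udp].freeze
ACTIONS = { "allow" => "ACCEPT", "deny" => "DENY" }.freeze
ADDR    = /\A(any|\d{1,3}(\.\d{1,3}){3}(\/\d{1,2})?)\z/
PORT    = /\A\d{1,5}(:\d{1,5})?\z/
Rule    = Struct.new(:chain, :target, :proto, :source, :port)

# Parser front end: every token is checked against an allow-list, so no
# text from the .conf reaches the generated shell script unvalidated.
def parse_conf(text)
  text.each_line.with_index(1).filter_map do |line, n|
    verb, chain, *args = line.sub(/#.*/, "").split
    next if verb.nil?                       # blank or comment-only line
    bad = ->(why) { raise ArgumentError, "line #{n}: #{why}" }
    bad.("unknown chain") unless CHAINS.include?(chain)
    if verb == "policy"
      bad.("bad policy") unless args.size == 1 && ACTIONS.key?(args[0])
      Rule.new(chain, ACTIONS[args[0]])     # proto stays nil for a policy
    else
      proto, source, port = args
      bad.("unknown action") unless ACTIONS.key?(verb)
      bad.("bad rule") unless args.size == 3 && PROTOS.include?(proto) &&
                              source.match?(ADDR) && port.match?(PORT)
      Rule.new(chain, ACTIONS[verb], proto, source.sub(/\Aany\z/, "0.0.0.0/0"), port)
    end
  end
end

# "OS-specific" back ends: one small emitter per packet filter.
def to_ipchains(r)
  return "ipchains -P #{r.chain} #{r.target}" unless r.proto
  "ipchains -A #{r.chain} -p #{r.proto} -s #{r.source} -d 0.0.0.0/0 #{r.port} -j #{r.target}"
end
def to_iptables(r)
  chain, target = r.chain.upcase, r.target.sub("DENY", "DROP")
  return "iptables -P #{chain} #{target}" unless r.proto
  "iptables -A #{chain} -p #{r.proto} -s #{r.source} --dport #{r.port} -j #{target}"
end

# .conf + parser => executable firewall script (returned as text).
def compile(text, backend)
  emit = { ipchains: method(:to_ipchains), iptables: method(:to_iptables) }.fetch(backend)
  (["#!/bin/sh"] + parse_conf(text).map(&emit)).join("\n") + "\n"
end
```

Hand-tuned changes live in the .conf, so regenerating the script with either back end keeps them.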