Charles:

> I'm thinking whatever the firewall config language looks like, the parser
> (at least for LRP/leaf) will be primarily shell, with perhaps a few special
> commands (compiled...maybe added to busybox) to help with the parsing.

        Yes, agreed. Taking this to an extreme, you could wrap
a user login for, say, ~firewall, into a custom shell that had
nothing *but* compiled firewall configuration commands. That is,
you'd deactivate all of the "normal" bash commands (so, no echo,
ps, who, cat, su, etc), and this shell itself then becomes the
parser.
        I'm working with some others to build something like
this now, tying it closely with ssh host-authentication for
remote-management capability. Seems promising...

-Scott


_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
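The "shell itself becomes the parser" idea from the reply above, as an added example that is not code from this thread or from the LEAF project. The verbs (allow, deny, show), the function names and the RULE/ERR output format are assumptions made for illustration; the point is that input is split and matched against an allowlist and never handed to eval or a real shell.

```shell
# Added example: command dispatcher for a hypothetical firewall-only login shell.
# The verbs (allow, deny, show) and the RULE/ERR output format are assumptions.
# Accept a dotted-quad IPv4 address with an optional /prefix, nothing else.
fw_valid_addr() {
    case $1 in ''|*[!0-9./]*|*.|*./*) return 1 ;; esac
    addr=${1%%/*}
    if [ "$addr" != "$1" ]; then
        prefix=${1#*/}
        case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1
    fi
    old_ifs=$IFS; IFS=.
    set -- $addr                # safe: addr holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Accept a decimal port in 1..65535 with no leading zero.
fw_valid_port() {
    case $1 in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -le 65535 ]
}

# Handle one input line. The line is never passed to eval or to another shell:
# it is split on whitespace and the first word is matched against an allowlist.
fw_dispatch() {
    set -f                      # no glob expansion while splitting
    set -- $1
    set +f
    case ${1:-} in
        allow|deny)
            [ $# -eq 3 ] || { echo "ERR usage: $1 <addr> <port>"; return 2; }
            fw_valid_addr "$2" || { echo "ERR bad address"; return 2; }
            fw_valid_port "$3" || { echo "ERR bad port"; return 2; }
            echo "RULE $1 src=$2 dport=$3" ;;
        show)
            [ $# -eq 1 ] || { echo "ERR usage: show"; return 2; }
            echo "SHOW" ;;
        *)  echo "ERR unknown command"; return 1 ;;
    esac
}

# Constructed sample input; a login shell would loop on `read -r line` instead.
for line in "allow 10.0.0.0/8 22" "ps aux" 'deny $(id) 80'; do
    fw_dispatch "$line" || true
done
```

Because every argument is checked against a strict pattern before it is echoed back, shell metacharacters in the input are treated as data and rejected rather than interpreted.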
