On 16 Jan 2001, at 0:53, Mike Sensney wrote:

> I would suggest some sort of watchdog feature. If the ssh link
> breaks then revert to the previous configuration. 

I don't know about LRP 2.9.4 and its descendants, but LRP 2.9.7 and 
all descendants (including Oxygen) come with a watchdog daemon; 
Oxygen comes with it disabled, since I have had repeated reboots when 
the watchdog decided things were too slow and it wouldn't give up.  
I'll have to be convinced it's useful and reliable, I guess.  Nothing 
like working away to have the system just suddenly reboot on you.

> You might want to look at hlfl before you implement this.

Interesting!  Though an OO firewall configuration tool from Ruby is 
probably just the thing - I'll have to check the Ruby Application 
Archives...

> I just compiled it and after stripping the executable it comes to
> 37964 bytes.

I got 32604 bytes for hlfl - what did we do differently?

> It generates rules for BSD ipfw, Darren Reed's ipfilter, Linux
> ipfwadm, ipchains and netfilter, and Cisco, though they mention
> that the netfilter and Cisco rule generation have yet to be tested.
> For LEAF/LRP usage we could make target specific versions. For
> instance an ipchains-only  version should be less than 15K. 

Interesting!  Though I did not see any quick and simple way to 
extract the others - though they may be worth keeping.  You can 
create a package that would then run on LRP 2.9.4 and Trevor's Disk 
(ipfwadm); LRP 2.9.7, Eiger, EigerStein, Oxygen (ipchains); and the 
new crop using Linux 2.4 ....

This looks like a very workable "procedural" (or "declarative") 
version of what I had in mind; it's not OO nor as simple as I had in 
mind, but it does satisfy what I wanted: a much more SIMPLE way to 
edit firewall rules on the LEAF system itself.

I may yet tackle a Ruby firewall generator; despite the use of a 
"generator" probably on a "Big Distro" machine, it would probably be 
a good exercise anyway...

-- 
David Douthitt
UNIX Systems Administrator
HP-UX, Linux, Unixware
[EMAIL PROTECTED]
