Tom:
Heya. Thoughts for you:
> I think that this is much too low a level of abstraction. I suggest
> that if you want to represent the user's wishes with regard to
> firewalling then something more along the line of what is contained
> in the Seattle Firewall configuration files is more appropriate.
> Also notice that there are no order dependencies in any of those
> configuration files.
Hmmm. I think we're speaking about different things. :)
Let me see if I can remember my thinking on this...a firewall
system includes these things:
1. An OS with packet-filtering capability (e.g., okay, Linux ;)
2. A command interface to that capability (e.g., ipchains)
3. A base ruleset, usually defined in terms of #2 (e.g.,
an *order-dependent* list of ipchains commands).
4. User customizations to augment #3.
What I've heard discussed over the last few weeks is:
"what sort of user interface can LEAF provide to make the
installation of #3 and the creation of #4 easier for the
non-learned user?".
My opinion has been that the design of this user
interface can be simplified if it is independent of #2. It
would read and write to a platform-neutral format, and so
the talk naturally comes around to XML for that. In that
format, we'd specify the whole of #3, including its
required order dependencies (which is as Ray pointed out).
We'd also store "user intentions" which can be much higher
level as you suggest: "FTP_SERVER=192.168.1.2" is all it
should take.
I'm a big proponent of "solve the UI" problem, so I'm
willing to swallow the pill that comes with it: if we *do*
make this step away from defining a firewall in terms of
ipchains, then there is a "magic happens here" piece of code
that translates the XML data back into it. The overall complexity
of the task is unchanged; I'm just advocating the shift of
the complexity from the "what you see everyday" UI to the
"behind the scenes" translation script/process.
cheers,
Scott
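
A sketch of the "magic happens here" translation step described in the message above, added as an example and not taken from the original message or from LEAF. The XML schema, the `slot` element, the `order` attribute and the `INTENTS` table are all assumptions made for illustration; values are validated and emitted as argv lists so that nothing from the XML reaches a shell.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in a hypothetical schema (not a LEAF format). The base
# ruleset carries explicit order; the intent is a single high-level setting.
SAMPLE_XML = """
<firewall>
  <base>
    <rule order="90" chain="input" target="DENY" log="yes"/>
    <rule order="10" chain="input" iface="lo" target="ACCEPT"/>
    <slot order="50" name="user"/>
  </base>
  <intent name="FTP_SERVER" value="192.168.1.2"/>
</firewall>
"""

# Hypothetical mapping from an intent name to (chain, protocol, port).
INTENTS = {"FTP_SERVER": ("forward", "tcp", "21"),
           "WEB_SERVER": ("forward", "tcp", "80")}
CHAINS = {"input", "output", "forward"}
TARGETS = {"ACCEPT", "DENY", "REJECT", "MASQ"}

def base_rule(el):
    """Turn one <rule> into an ipchains argv list, rejecting unknown values."""
    chain, target, iface = el.get("chain"), el.get("target"), el.get("iface")
    if chain not in CHAINS or target not in TARGETS:
        raise ValueError(f"bad rule: chain={chain!r} target={target!r}")
    if iface is not None and not iface.isalnum():
        raise ValueError(f"bad interface name: {iface!r}")
    argv = ["ipchains", "-A", chain]
    if iface:
        argv += ["-i", iface]
    argv += ["-j", target]
    if el.get("log") == "yes":
        argv.append("-l")
    return argv

def intent_rule(el):
    """Expand a high-level intent; the value must parse as an IPv4 address."""
    chain, proto, port = INTENTS[el.get("name")]
    addr = str(ipaddress.IPv4Address(el.get("value")))
    return ["ipchains", "-A", chain, "-p", proto, "-d", addr, port, "-j", "ACCEPT"]

def translate(xml_text):
    """Return argv lists in the order the base ruleset declares."""
    root = ET.fromstring(xml_text)
    user = [intent_rule(i) for i in root.findall("intent")]
    out = []
    for el in sorted(root.find("base"), key=lambda e: int(e.get("order"))):
        out += user if el.tag == "slot" else [base_rule(el)]
    return out
```

The order of elements in the file does not matter here: the emitted commands follow the `order` attribute, and the user's intents land in the slot the base ruleset reserves for them.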