On Friday 10 January 2003 10:14 am, Andrea Galmacci - awd* wrote: > Please read the original post... > > - Andrea > > ----- Original Message ----- > From: "Mike Noyes" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, January 10, 2003 4:25 PM > Subject: Re: [Shorewall-users] The community > > > Andrea, > > Please send this post to the LEAF devel list. Many of our project > > members are working on a similar task. The lead developer for a web > > interface/graphical configuration is Lynn Avants. Please let me know if > > you need anything. Thanks.
I'm getting back in the saddle again. There hasn't been much done in the last 6 months or so on this project....mainly due to my lack of time. > > On Fri, 2003-01-10 at 06:59, Andrea Galmacci - awd* wrote: > > > > I encourage all who have the Zen of ShoreWall to rise up and let your > > > > voice be heard! Carpe Diem! > > > > > > I'm following the list since March last year - I think Thad correctly > > > pointed out what Tom showed us in the past months - do something for > > > the rest of us, the community, sharing his competences and spending his > > spare > > > > time - a precious element for all of us - for the others: that's great! > > > > > > I've learnt the few Linux I needed to boot and sligthly modify Bering > > distro > > > > by J. Nilo > > > (http://leaf.sourceforge.net/article.php?sid=63): > > > I'm the last one of the list entitled to give suggestions and to offer > > > solution to everyday's problem. Great! > > > I've started to develop the web interface to Shorewall just because it > > was > > > > my intention to assemble a commercial product (after I found an > > > embedded > > PC > > > > 3xLAN that I bought) - it is still my intention to go that way and sell > > the > > > > product as a combination of the specific HW + Bering + Shorewall + my > > web > > > > interface: in the meanwhile I'd like to share what I've done with the > > > community. This is already being done by a variaty of products, including Mosquito and the Mandrake Firewall. I would also consider it more than a slight modification to run securely at all. > > > Please consider that: > > > 1. I'm a developer in the application server environment (Macromedia CF > MX under Windoze) - I'm a Linux rookie; NP, code is code. ;-) > > > 2. I've decided that Webmin was too much in terms of load for my > embedded Bering - so I decided to use thttpd as a web server: the web > interface is built from the Weblet example; Thttpd is a good option, but rather large comparatively. I don't know where sh-httpd is lacking from doing this type of project. > > > 3. the web server runs as root - that's in most's opinion, as a matter > of facts, a BAD approach for security issues; Terrible option unless you like having to support commercial boxes that have been rooted. I would suggest a C-suid binary to overwrite anything after proper authentication (ie... SSL, ssh, zebedee, etc...) and running the webserver/CGI as a non-priviledged user. > > > 4. the interface is not complete but it offers the possibility to > > > modify Shorewall scripts maintaining full compatibility with Tom's > > > original scripting, launching Shorewall commands (start, stop, ...) and > > > offering full logs visibility. I believe Eric W. has a package/executable in his leaf/devel directory that does this. The project that myself and others are working on goes far beyond this and will require a compatability layer for existing LEAF variants... this is the price to make it work on more than one variant. > > > 5. Page titles and subtitles are in italian - I guess you'll be able to > > > understand the meaning anyhow. It shouldn't be any harder than figuring out the Japanese that is used with Mosquito. ;-) > > > 6. I cannot ensure to be able to have enough time and knowledge to give > the right answers to your potential questions: please don't flame me for > that; Ok. > > > 7. I will be for sure not able to give answer like '...in RH8.0 do that > and in SuSEyx do this'. Ok, shouldn't be an issue with CGI. > > > 8. Sometimes the system is offline for reboot and testing - sometimes > > > it is detached from the net for more than 48 hours... again, please be > > > patient. Said that, if you want to test drive the interface, the URL is > > > http://62.110.196.252:8080 - andrea:andrea as login. > > > Please be patient if what you'll see is not what you were expecting > > > for: that's what I've done with the best of my knowledge (and most of > > > my after hours). In the remote opportunity that part of the community > > > will like it, it will > > > be downloadable from some URL (still to be defined) in LRP (tgz) > > > format. > > > > Any comment and indication is more than welcome... Nice and clean. I see it is done with Jscript, that is one area I'm lacking outside of interpretation. You might look into what Mosquito has done with Jscript. The one thing I didn't care for with Mosquito was the lack of CLI setup, but since you state you are maintaining compatibility with the stock conf files I don't see a problem. Do you have anything that will actually configure the system yet? The project that I've been working with will go far beyond this. We are looking into reworking/replacing lrcfg and adding to the existing package format for compatibility. It will work both www and cli and should work with all packages and configuration. We'll see anyway. ;-) > > > Thank you Tom for the human example you've given us (beside Shorewall > > > itself). > > > Thanks to all of you for your contribution. Yes, Tom sets a high bar for the rest of us to try to meet. -- ~Lynn Avants Linux Embedded Appliance Firewall developer http://leaf.sourceforge.net ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
