Tom,

On Wed, 26 Mar 2003 13:20:06 PST Tom Eastep wrote:

> Before I wrap up 1.4.2 and begin thinking about 2.0, is there anything 
> else that people believe is needed that can't wait until 2.0? I would 
> prefer that you not request integration with other products in 1.4 as I 
> believe that the structure of 2.0 will make such integration easier.

One feature that I would find useful is the ability to include
configuration directives from arbitrary files.  That ability
would make management of several firewalls with common rulesets
more convenient.  An example to help clarify:

  shorewall/params.mgmt:
  MGMT_SERVERS=1.1.1.1,2.2.2.2,3.3.3.3
  TIME_SERVERS=4.4.4.4
  BACKUP_SERVERS=5.5.5.5
  ----- end params.mgmt -----


  shorewall/params:
  # Shorewall 1.3 /etc/shorewall/params
  [..]
  #######################################

  INCLUDE params.mgmt    # proposed INCLUDE directive to source
                         # auxiliary file
  # params unique to this host here
  #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
  ----- end params -----


  shorewall/rules.mgmt:
  ACCEPT net:$MGMT_SERVERS          $FW    tcp    22
  ACCEPT $FW          net:$TIME_SERVERS    udp    123
  ACCEPT $FW          net:$BACKUP_SERVERS  tcp    22
  ----- end rules.mgmt -----


  shorewall/rules:
  # Shorewall version 1.3 - Rules File
  [..]
  #######################################

  INCLUDE rules.mgmt     # proposed INCLUDE directive to source
                         # auxiliary file
  # rules unique to this host here
  #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
  ----- end rules -----


I primarily use Shorewall with the Bering LEAF variant, so it
would be nice to have something like that in the 1.4 series.

I scanned the docs and mailing list archives looking for similar
features or related requests and didn't see any; apologies if
this has already been discussed previously.  If not, would anyone
else find such a feature useful?

--Brad
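
An added sketch, not part of the message above and not Shorewall's own code, of how the proposed INCLUDE directive could be expanded while keeping included files inside the configuration directory and bounding the nesting depth. The names `expand_includes`, `CONFDIR` and `MAX_DEPTH` are hypothetical, and `/etc/shorewall` is an assumed default.

```sh
#!/bin/sh
# Added sketch: expand INCLUDE lines in a Shorewall-style config file.
# expand_includes, CONFDIR and MAX_DEPTH are hypothetical names.

CONFDIR=${CONFDIR:-/etc/shorewall}   # assumed directory holding the config files
MAX_DEPTH=${MAX_DEPTH:-4}            # assumed nesting limit; stops include loops

# expand_includes FILE [DEPTH]
# Prints FILE (a bare name inside CONFDIR) with every INCLUDE line replaced
# by the content of the named file. Returns non-zero if an include is
# rejected; callers should discard the partial output in that case.
expand_includes() {
    if [ "${2:-0}" -gt "$MAX_DEPTH" ]; then
        echo "INCLUDE nesting deeper than $MAX_DEPTH at $1" >&2
        return 1
    fi
    if [ ! -f "$CONFDIR/$1" ] || [ ! -r "$CONFDIR/$1" ]; then
        echo "cannot read $CONFDIR/$1" >&2
        return 1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        # Strip leading whitespace before looking for the directive.
        trimmed=${line#"${line%%[![:space:]]*}"}
        case $trimmed in
            INCLUDE[[:space:]]*)
                target=${trimmed#INCLUDE}
                target=${target#"${target%%[![:space:]]*}"}
                target=${target%%[[:space:]#]*}   # drop trailing comment
                # Only bare file names: no '/' means no escape from CONFDIR.
                case $target in
                    ''|*/*)
                        echo "rejected INCLUDE target '$target' in $1" >&2
                        return 1 ;;
                esac
                expand_includes "$target" $(( ${2:-0} + 1 )) || return 1
                ;;
            *)
                printf '%s\n' "$line" ;;
        esac
    done < "$CONFDIR/$1"
}
```

The bare-name check does not follow symlinks, so the configuration directory itself still needs to be writable only by root.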



_______________________________________________
leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
