Jeff and leaf-users Firstly I apoligize if I offended anyone, although anyone who has tried to develope a web front end to IPTables will know that Shorewall is not the place to start. It overly complex for what it professes to do and after following the LEAF ,mailing list for the last 20 thousand odd emails, I have seen more problems with newbies and shorewall than any other problems. Its not intuitive and not very flexible. For example what happens if you want to support more than 3 nics ?
What I have done is not the best solution but it is a solution. I can't wait to see what the LEAF project comes up with with regards to a web Interface. You are correct however, Nothing "I" do will get rid of Shorewall, but as soon as the web interface developement gets underway by the good LEAF community, it's gone. Here is a question for the LEAF Project: Once there is a web interface to LEAF what is going to stop people from packaging it and selling it as a firewall solution? It easily rivals many commercial products in its current state and is vastly superior to many already. In fact I know of at least 2 commercial products based on LEAF. I'm not sure how the LEAF project feels about that as it's intentions are pure. It is the "easy to use interface" that seperates LEAF from commercial products! For example as a pure packetfiltering firewall IPTables is superior to the Checkpoint firewall1 but FW1 is massive , Why ? cos of the "easy to use interface" (and subtle marketing). I have seen questions about commercial support for LEAF already and wonder how long till it becomes a commercial project like SNORT, Mosquito etc. The project goals have already changed to a cdrom based boot method and more and more folk are using compact flash or hard drives to extend the functionality of their firewalls. Floppys are a terribly unreliable medium. checkout http://www.bbiagent.net/en/index.html as an alternative java interface. These guys are way ahead in this game. Unfortunatly the connection is not encrypted and it does not support freeswan yet or more than 2 nics. Peter Robinson Senior Security Engineer - Sydney [EMAIL PROTECTED] -----Original Message----- From: Jeff Newmiller [mailto:[EMAIL PROTECTED]] Sent: Sunday, 1 September 2002 2:22 AM To: Peter Robinson Cc: [EMAIL PROTECTED] Subject: RE: [leaf-user] Webbased configuration On Sun, 1 Sep 2002, Peter Robinson wrote: > Hi there. > > A suggestion if I may... > > What you are all suggesting has already been 3 quarters written in Mosquito. > I will require porting to English (I have already done this) and the > abolishment of the abomination known as shorewall. I guess you have expressed your opinion about Shorewall now, but nothing you do will result in the "abolishment" of that package. If what you do is demonstrably better than Shorewall, then that package may get displaced in some cases, but name-calling is only likely to raise hackles. I would recommend that you review the Project Goals stated at http://leaf.sourceforge.net. --------------------------------------------------------------------------- Jeff Newmiller The ..... ..... Go Live... DCN:<[EMAIL PROTECTED]> Basics: ##.#. ##.#. Live Go... Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/Batteries O.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...2k --------------------------------------------------------------------------- ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
