On Saturday 31 August 2002 23:07, Peter Robinson wrote: > Jeff and leaf-users > > Firstly I apoligize if I offended anyone, although anyone who has > tried to develope a web front end to IPTables will know that > Shorewall is not the place to start.
Your intitled to your opinion as anyone else is. Many people find Shorewall to be a wonderful and easy to use Iptables front-end. Of the iptables front-ends that I've seen, it is definately at the top of the list and documented better than the rest for the flexibility it provides. It may not be the best solution to *every* need, but it seems to be fine for most users. Tom has been wonderful to let it be integrated with Bering and has spent a ton of time supporting it out of the kindness of his heart. Most problems with Shorewall on the list have been because someone has not read Tom's documentation, installed a non-integrated version onto Bering, changed something within the program, or is attempting to use Shorewall for something other than what it is designed (or limited) to do. None of these are Tom's fault, so he should not be slighted for these problems. Rather, if you have so suggestions for making it better, they would be received in a better manner. In any case, Shorewall is an add-on program, even within the Bering LEAF variant and it is not required for any LEAF variant. The new configuration system that we are working on will not mandate use of Shorewall or any other filtering program. Shorewall will be able to make use of the configuration system, as many/most/all LEAF packages will, but not be mandated. > You are correct however, Nothing "I" do will get rid of Shorewall, > but as soon as the web interface developement gets underway by the > good LEAF community, it's gone. See above.... it will only run on something that is packaged to use the interface. Possibly you are working on another front-end that would be packaged for use as well. > Here is a question for the LEAF Project: > Once there is a web interface to LEAF what is going to stop people > from packaging it and selling it as a firewall solution? > It easily rivals many commercial products in its current state and is > vastly superior to many already. In fact I know of at least 2 > commercial products based on LEAF. I'm not sure how the LEAF project > feels about that as it's intentions are pure. > > It is the "easy to use interface" that seperates LEAF from commercial > products! For example as a pure packetfiltering firewall IPTables is > superior to the Checkpoint firewall1 but FW1 is massive , Why ? cos > of the "easy to use interface" (and subtle marketing). > > I have seen questions about commercial support for LEAF already and > wonder how long till it becomes a commercial project like SNORT, > Mosquito etc. I do not see LEAF becoming a commercial project, as it is a collection of somewhat similar projects and is not a single project. LEAF may be used in commercial settings and run on commercially-sold machines as long as the licensing is not violated. I think many of us simply want the credit we are due for the work we have put into it. You can sell the hardware, you can sell the labor, you can sell support, you can sell the media with LEAF pre-loaded as long as you follow the licensing. Shoot, maybe one or more of them would like to donate some testing equipment or a T-1 for higher-end development! > The project goals have already changed to a cdrom based boot method > and more and more folk are using compact flash or hard drives to > extend the functionality of their firewalls. Floppys are a terribly > unreliable medium. This option, for IDE-drives has actually been used for years. The floppy is simply a target media....it keeps us working hard to keep everything small and optimized. A couple of years ago, nobody knew if something based of the developing 2.4 kernel would be able to be used on a floppy. Many people have optimized and re-coded to make it fit on a floppy. There has never been a mandate on simply using a floppy to use LEAF. > checkout http://www.bbiagent.net/en/index.html as an alternative java > interface. These guys are way ahead in this game. > Unfortunatly the connection is not encrypted and it does not support > freeswan yet or more than 2 nics. Yes, I've been through bbiagent, mosquito, freesco, and many other similar projects. I use LEAF because it fits virtually all my needs better than any other project and I get better support when I need it. If something works better for you, use it! I don't think we are necessarily competing with any similar product, we are simply trying to make our project(s) the best we can make them within the time we have/desire to give. I hope you find something that meets your needs and expectations. In regard to several of the points you have presented in your posts, we are aware of many other similar projects that have www/java configuration options included. I have proposed writing one from scratch because I have examined the open-source ones that I am aware of and found them to be severly lacking in the total scope of what _I_ have in mind. What is presently agreed on is not simply a web-based front-end, but rather a new configuration system that will (hopefully) have an optional web-based front-end included. I would like to see a script-based CLI front-end and the ability to use tftp imaging included within as well. After this is accomplished, several of us have discussed the possibility of developing a web-based image generator. I would like to see something along that line as well (hmm, Coyote or BBIagent come to mind). The more I think about that idea, I think that creating a LEAF installation CD would be more feasible resource wise. One that you could run and create a floppy/IDE image from, instead of doing something web-based. Food for thought, eh? -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
