On Sun, Mar 14, 2010 at 12:12:31PM +0500, ???? ??????? wrote:
> 2010/3/14 Jason Dixon <[email protected]>:
> > On Sun, Mar 14, 2010 at 11:48:44AM +0500, ???? ??????? wrote:
> >> we have many people who know ISA very well and all they do with ISA is
> >> "publishing applications", rdr rules in terms of pf.
> >> they do not need to know "all the pf details", all they need is
> >>
> >> a) something ISA-like
> >> b) syntax-checker, I mean that gui should only allow adding correct
> >> rules (which is not true when you edit the file)
> >>
> >> "learn pf.conf and edit file" is not our case though.
> >
> > You're SOL on all counts. Oh by the way, when you find that magical
> > firewall ui that "only allows adding correct rules", please let me know.
> > That's some insanely smart code that knows right from wrong. Not even
> > pf itself will keep you from shooting yourself in the foot with
> > stupidity.
>
> text files do not have any structure, from pf.conf's point of view the rule
>
> "blok in all"
>
> is nothing more than just a line

You obviously haven't read pfctl(8). It supports syntax checking.

$ sudo grep -n blok /etc/pf.conf
30:blok in all
$ sudo pfctl -nf /etc/pf.conf
/etc/pf.conf:30: syntax error

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/
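
The `pfctl -nf` check from the reply above, used as a gate that a rule-editing front end could run before a candidate file replaces the live pf.conf. This is an added example, not part of the original thread; the `PFCTL` override, the function names and the file paths are assumptions. A clean parse only shows the syntax is valid, not that the rules do what was intended, so the previous file is kept for rollback.

```shell
#!/bin/sh
# Added example: only install and load a ruleset that pfctl can parse.
# PFCTL is an assumed override so the logic can be exercised off-host.
PFCTL="${PFCTL:-pfctl}"

# check_ruleset FILE
# Returns 0 if pfctl parses FILE cleanly. -n parses without loading,
# -f names the file to read.
check_ruleset() {
    "$PFCTL" -nf "$1"
}

# apply_ruleset CANDIDATE LIVE
# Replaces LIVE with CANDIDATE and loads it, but only after a clean parse.
# On a parse failure LIVE is left untouched and 1 is returned.
apply_ruleset() {
    candidate=$1
    live=$2
    if ! check_ruleset "$candidate"; then
        echo "rejected: $candidate failed pfctl -nf, $live unchanged" >&2
        return 1
    fi
    # Keep the previous ruleset: valid syntax can still be the wrong policy.
    if [ -f "$live" ]; then
        cp -p "$live" "$live.prev" || return 1
    fi
    # Write beside the target, then rename, so LIVE is never half-written.
    tmp="$live.new.$$"
    if ! cp "$candidate" "$tmp" || ! mv "$tmp" "$live"; then
        rm -f "$tmp"
        return 1
    fi
    "$PFCTL" -f "$live"
}

# Stand-alone use: sh apply.sh /path/to/candidate.conf /etc/pf.conf
if [ "$#" -eq 2 ]; then
    apply_ruleset "$1" "$2"
fi
```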