Hi,

I'm going to write a provider for firewall as a part of the OpenLMI project.

My current plan is to use FirewallD (via DBus) as a backend for this provider. I'm now facing the most difficult part: Model. As far as I know there is no DMTF profile for firewall. There are a few classes in the CIM schema that seem to describe some kind of firewall (see page 11 of [1]), but they're not applicable to describe either iptables or firewalld (I couldn't figure out how to model rule ordering in chain with given classes).

I can see a couple of options for what to do with this problem:

1) Model FirewallD API closely
Using the same model as the underlying service has one big advantage - it doesn't disrupt local configuration - one can use both remote and local API (command line, GUI) simultaneously, and one big disadvantage - the model won't be compatible with other firewall implementations.

2) Reuse as much of the existing model (CIM classes) as possible
We could take what's already there and alter it to suit our needs, but I'm afraid that the result will be quite ugly. And it still won't be compatible with others.

3) Try to create a new model that would be (more) universal
It might be possible to create a model that would cover some common functionality of a typical firewall on a normal Linux box (not some specialized firewall device), but it would be a lot of work and still it wouldn't cover advanced features of all firewall solutions out there.

4) Some other approach
Feel free to suggest something.

Personally, I would go with 1). There is no model that would bring compatibility with other systems, so IMHO it would be best to create a model that will be simple and understandable and its usage won't disrupt other usage (cmdline, gui, ...).

Let me know what you think. Or at least post some use cases that the provider must/should cover.

Thank you.
Radek Novacek

[1] http://dmtf.org/sites/default/files/cim/cim_schema_v2390/Visio-CIM_Network.pdf
