RE: [leaf-user] Re: leaf-user digest, Vol 1 #2420 - 7 msgs
Any ideas how to make installation/configuration easier? Firewall users are not so likely to be Linux users. Most Linux distros come with installable/installed firewalls, and workstations can be made fairly secure in themselves. A LEAF installation tool should either run with whatever OS the user has and is seeking to protect, i.e. most likely Windows, or it should include its own OS. Do the developers want to develop a Windows-based customization tool? Now, one of LEAF's attractions is running from a floppy, but even with a 1680KB floppy there's little room left. So if developers choose this route the initial download would likely be two diskettes, one for the customization tool and some packages, and one for the common code base to be customized. Certainly both are do-able, but trying to develop a useful customization tool isn't easy. You know, I was just thinking that while I was reading this. A configuration wizard for windows would be very handy. Something to automate initial configuration and even updating, puts the correct LRPs on, adds your network card modules to the disk. Yes, something that stores your configuration and can then assembles a floppy/ISO/HDD/CF/ETC LEAF image from the configuration, scripts and LRPs + modules tarball. I know there is buildtool, but I'm thinking of something simpler. No compiling, just grab the latest LRP, insert the configuration files and burn/write/summon/conjure the disk. And no linux required. It could be made modular, allowing integration of new and updated LRPs. But simple to start with, a windows or platform independent application that automates the download, assembly and initial configuration (meaning the necessary steps from the installation docs) would greatly increase the accessibility of LEAF for the likes of, well, me. Not that is would be simple of course... Just my 2EUR. James. --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Re: leaf-user digest, Vol 1 #2420 - 7 msgs
On Thursday 23 September 2004 04:47 am, James Neave wrote: You know, I was just thinking that while I was reading this. A configuration wizard for windows would be very handy. Something to automate initial configuration and even updating, puts the correct LRPs on, adds your network card modules to the disk. [...] But simple to start with, a windows or platform independent application that automates the download, assembly and initial configuration (meaning the necessary steps from the installation docs) would greatly increase the accessibility of LEAF for the likes of, well, me. Not that is would be simple of course... I don't think most people can even begin to understand the complexity of what is being desired here. A lot of work has been done and far more discussed into making this a reality. The only cross-platform options for GUI is Java, TK/TCL, and maybe Perl which drives the frontend that you see and doesn't actually *do* any work. The backend that does what you don't see must be able to be run on the LEAF box limiting things to either Ash shell script or compiled C. Futher there isn't a good way to work this w/o changing the packaging format to include integration. BTW, there is over 200 available packages available for the various branches. Upgrades to the packages (different conf files, variables and the like) need to be approached and either the system must be network savy (which LEAF generally isn't) to transfer information OR you must create a new floppy everytime. In short, you need a person or group that programs entirely different languages on different systems and set a defination of the process to take that integrates. Then you will likely have to completely rework every package that could be added to the system to conform. Multiply this by the various branches and their idiosyncrises to each other and the support that the developers of the system will have to deal with and things just really aren't freaking simple at all. To be flat honest, I'd done a lot more work on this if attempting to feed my family and keep a house over their head hasn't been near impossible the last two years in this economy. If you just want something extremely that works like this, my suggestion is to use FreeSCO or BBImage. If you want or need more than they offer, please feel free to contribute to the system we have been working on or write one that meets your needs. I'll be honest the entirety of LEAF is NOT simple by any means of the imagination as it is now. It has taken Cisco years to provide a similar sytem with all of their resources to do the' same thing that is generally misconfigured after being available to the public. Paul, you've been telling me how simple this should be for years, PLEASE, PLEASE to a stab at doing it if it is so simple. I also expect you to realease it to the general public and support it through all the ways it can be borked by the end users. Only then can you convey to me how simple this process really is. -- ~Lynn Avants Linux Embedded Appliance Firewall Developer http://leaf.sourceforge.net http://guitarlynn.homelinux.org:81 --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] Re: leaf-user digest, Vol 1 #2420 - 7 msgs
On Thu, 2004-09-23 at 02:47, James Neave wrote: You know, I was just thinking that while I was reading this. A configuration wizard for windows would be very handy. Something to automate initial configuration and even updating, puts the correct LRPs on, adds your network card modules to the disk. James, Configuration during initial setup is considerably different than when running. We have discussed both topics on our devel list in the past. Feel free to join the conversation there. Comments and suggestions by the extended community are welcome. Initial Setup Configuration: A) Live Linux CD: use to generate a target image. e.g. http://distrowatch.com/dwres.php?resource=cd B) Web based build system. e.g. http://www.rom-o-matic.net/5.0.4/ Operational/Production Configuration: Lead Developer: Chad Carr http://cvs.sourceforge.net/viewcvs.py/leaf/src/config/leaf-tools/ Lead Developer: Nathan Angelacos http://cvs.sourceforge.net/viewcvs.py/leaf/devel/nangel/webconf/ -- Mike Noyes mhnoyes at users.sourceforge.net http://sourceforge.net/users/mhnoyes/ SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Re: leaf-user digest, Vol 1 #2420 - 7 msgs
On Friday 24 September 2004 05:59 pm, Tom Eastep wrote: In my 35 years in this business, I've come to learn that all System/Programming projects are easy in the opinion of people who are not responsible for delivering them. You've done a mind boggling job with Shorewall and Seawall throughout the years Tom. I've been simply amazed at all the work and document (not to mention support) that you have done. It sure won't ever be underrated by me. Even more amazing is that it hasn't cost you a divorce. :) -- ~Lynn Avants Linux Embedded Appliance Firewall Developer http://leaf.sourceforge.net http://guitarlynn.homelinux.org:81 --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] RE: leaf-user digest, Vol 1 #2420 - 7 msgs
Am Donnerstag, 23. September 2004 18:00 schrieb James Neave: Only thing I think would be a problem, is the decompressing/de-archiving or the LRPs, updating scripts and the re-archiving/compressing. I personally don't know of any win32 bzip2 implementations/APIs. LRP's are tar.gz files not bzip2; so you may start programming - this only problem is solved :) kp --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Re: leaf-user digest, Vol 1 #2420 - 7 msgs
On Sunday 19 September 2004 10:00, Paul G Rogers wrote: From: Tom Eastep [EMAIL PROTECTED] I concluded that it was better to force users to deal with real Shorewall configuration from the outset. Tom, I agree with that, but if parameterization simplifies initial installation of the default Shorewall, that would be worthwhile. I suppose anybody who knows they need customized tables won't have any problems with the paradigm shift. You're still providing a simpler way for the average user to get his LEAF firewall functioning. If you would like to resurrect and support the old files, you are welcome to. They are totally separate from Shorewall and rely on Shorewall's ability to expand shell variables. Just be sure to document fully that if a user wants to do something that the fill-in-the-blank files don't support then it is necessary to essentially start over. The bottom line is if users want/need a firewall, they will use one they can use. If LEAF developers insist the user has to know his/her way around a dozen *nix configuration files, then those are the only users who will gravitate to LEAF. That's by far a minority of all the users who want/need a firewall like LEAF. It's not enough to provide the documentation, for a first time user the documentation itself can be daunting--it's written by the experts! Speaking only for myself, I have never targeted Shorewall at first-time newbies; I think it is an overkill for what most of those folks need. I have tried to provide sufficient documentation that those who want to learn more can do so. Any ideas how to make installation/configuration easier? Firewall users are not so likely to be Linux users. Most Linux distros come with installable/installed firewalls, and workstations can be made fairly secure in themselves. A LEAF installation tool should either run with whatever OS the user has and is seeking to protect, i.e. most likely Windows, or it should include its own OS. Do the developers want to develop a Windows-based customization tool? Now, one of LEAF's attractions is running from a floppy, but even with a 1680KB floppy there's little room left. So if developers choose this route the initial download would likely be two diskettes, one for the customization tool and some packages, and one for the common code base to be customized. Certainly both are do-able, but trying to develop a useful customization tool isn't easy. Do you really think that diskettes should be part of any new solution? -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key pgpSsSUs9Zq0H.pgp Description: signature