Brian J. Murrell wrote:
> Is there any interest in having shorewall able to configure
> iptables/netfilter on a remote node?  i.e. one installs shorewall on
> node foo, and executes the shorewall command(s) on node foo but has it
> install the actual rules on node bar?  Indeed, a single shorewall
> installation could install rules/manage a network of nodes.
> 
> Obviously the easiest path to such a goal is to simply allow some form
> of remote execution to the node "bar".  Could be rsh ~shudder~ or more
> appropriately, ssh, complete with keys and .ssh/authorized_keys entries
> that limit the scope of what the node "foo" is allowed to execute on
> "bar".
> 
> Thoughts?  Would I be wasting my time hacking up shorewall to do this or
> would such patches be considered for inclusion?

I've been thinking of implementing that but as a wrapper.  My idea was 
to manage separate configurations in a subversion repository and do the 
editing and validation on a central station.  The "compiled" rules could 
then be uploaded using ssh to the appropriate firewall.  With the recent 
purchase of the company I put that on hold since the new Masters have 
their own firewalls and usually look down their noses at OSS.

-- 
Stephen Carville <[EMAIL PROTECTED]>
Unix and Network Admin
Land America Flood Services
6033 W. Century Blvd
Los Angeles, CA 90045
310-342-3602
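
The restricted-key arrangement discussed in this thread (an authorized_keys entry that limits what "foo" may run on "bar", with compiled rules uploaded over ssh), as an added example that is not from either poster or from Shorewall. The script path, the key comment and the two request names (install-rules, show-rules) are assumptions made for illustration, and the key is assumed to belong to an account on bar that may load iptables rules.

```shell
#!/bin/sh
# Forced-command gate for node "bar" (hypothetical path /usr/local/sbin/fw-gate).
# Constructed authorized_keys entry on bar, one line, key material elided:
#   command="/usr/local/sbin/fw-gate",restrict ssh-ed25519 AAAA...placeholder foo-deploy
# sshd runs this script for that key and puts whatever the client asked to run
# in SSH_ORIGINAL_COMMAND; nothing the client sends is ever executed directly.

# Map the client's request to one fixed action name; anything else is denied.
gate_decide() {
    case "$1" in
        install-rules) echo install ;;
        show-rules)    echo show ;;
        *)             return 1 ;;
    esac
}

gate_main() {
    action=$(gate_decide "$1") || {
        # Log only the peer address, never the untrusted request string.
        logger -t fw-gate "denied request from ${SSH_CONNECTION%% *}" 2>/dev/null
        echo "fw-gate: request not permitted" >&2
        return 1
    }
    case "$action" in
        install)
            # Compiled ruleset arrives on stdin; parse-check before loading.
            tmp=$(mktemp) || return 1
            cat > "$tmp"
            if iptables-restore --test < "$tmp"; then
                iptables-restore < "$tmp"; rc=$?
            else
                rc=1
            fi
            rm -f "$tmp"
            return "$rc" ;;
        show)
            iptables-save ;;
    esac
}

# Run only under sshd, which sets SSH_CONNECTION for the session.
if [ -n "${SSH_CONNECTION:-}" ]; then
    gate_main "${SSH_ORIGINAL_COMMAND:-}"
fi
```

From foo, the upload would then look like `ssh bar install-rules < compiled.rules`, where compiled.rules is a hypothetical file in iptables-save format.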

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users