On Fri, 2007-02-02 at 10:17 -0800, Stephen Carville wrote: > > I've been thinking of implementing that but as a wrapper.
Not sure I follow "as a wrapper". > My ideas was > to manage separate configurations in a subversion repository Sure, in SVN if one wishes. > and do the > editing and validation on a central station. And compilation. But compilation requires information from the remote machine. Those would have to be remote commands too. Perhaps some batching could be done to reduce overhead. > The "compiled" rules could > them be uploaded using ssh to the appropriate firewall. Yeah. Have run_iptables batch up the iptables commands for a single execution of them all over a single ssh session. It seems (at a very first quick glance) as though all externally executed commands are run through a "run_*" wrapper. This would make such modifications quite easy. Even one more level of wrappage to have all run_*() commands optionally runnable remotely in a single function. b. -- My other computer is your Microsoft Windows server. Brian J. Murrell
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
