On Fri, Aug 17, 2012 at 8:30 AM, Joegen Baclor <[email protected]> wrote: > If a firewall can do it without winking, I don't see why we cant. The only > difference is that a firewall filter is kernel level while we will be doing > it in the application layer. Why can't we simply upload the CSV and update > the input chains?
We will this type of security in application and firewall support, even if it's application feeding rules to iptables automatically. Firewall is a great start though. Just for everyone's sake, why we even have whitelist/blacklist feature. It was put in code base before firewall support was planned so if it's obsolete before it's even used, so be it. So I'm confident we can add this feature post 4.6.0 release by bundling as a separate app. Maybe a slight modification to 4.6 but we can sneak that into an update. Tony, were you able to do anything w/ the firewall cfengine tips i posted to list, because i think that's the start of this. _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev/
