This sounds interesting. Is the new system going to be 2.4 based? I ask
because 2.4 is supposed to have stateful inspection, which makes firewall
a much more applicable term.
I'd be interested in helping out on a firewall script system, but I don't
have a great deal of time. Have you checked out the existing packages like
seawall and Mathew Grant's firewall.rc?
What I'd envision is a modular system like the init scripts. So each
service is in a file of about four lines with the proper filtering or
forwarding commands, and linking to the file in a separate directory
includes it. That would be easier to manage via weblet GUI because the
user could use checkboxes to say "port forward FTP to server A" and "don't
forward www to server B".
--
Jack Coates
Monkeynoodle: It's what's for dinner!
On Tue, 2 Jan 2001, Charles Steinkuehler wrote:
> Recently Dave Cinege contacted me about doing some work with him on the new
> packaging format for Butterfly. Since I've been banging my head against the
> existing LRP packaging scheme already, I told him I'd probably be willing to
> help. To get things going, Dave called me, and I wound up chatting with him
> for about an hour New Year's Eve.
>
> The good news is the packaging system sounds like it will address a lot of
> the problems I've been running into (trying to make CD-ROM boot LRP systems,
> and LRP systems that boot natively off a HDD w/o a ramdisk), and will remain
> primarily shell-script based (with perhaps a function or two added to
> busybox for speed) so it will be small.
>
> I'll post more about what's going to be new and different as I get time and
> more details from Dave. I guess the current 'executive summary' is
> something like:
>
> Dave C. wants to build a tiny, flexible linux distro
>
> I want to build small, secure, application specific linux boxes (including
> things like a firewall/router as well as stuff like a DNS server, SMTP
> server, web-server, etc. Remember, I currently use LRP as my web and DNS
> server, running on a 486 no less!)
>
> I was getting ready to start hacking up the packaging system on LRP to more
> gracefully support my CD-ROM efforts and booting directly from a HDD (both
> of these boot methods are required for LRP systems I maintain)...I will now
> likely help Dave C. in his efforts to do this.
>
> I'd still like to see a good set of firewall scripts...Dave C. and I agree
> that the firewall stuff doesn't belong in the core OS, but should really be
> a package. I may get around to working on a 'new & improved' set of
> firewall scripts soon. Since each of the several LRP systems I currently
> have installed required major hacks to the firewall rules, and I'd like to
> have one 'master' scriptset (to make my life easier), I may simply 'start
> from scratch' rather than try to fold all the mods together. Anyone want to
> collaborate on this? I'd like to pound out some ideas for specifying &
> controlling the firewall rules (the coding part is easy...the hard part is
> solving the problem).
>
> Finally, I'm headed back to TX until the 12th (I leave in about 6 hours).
> I'll probably be doing a fair amount of LRP stuff while there, as I don't
> think I'll be too busy, and the 'work' I'll be doing is related to migrating
> our current network structure (and its LRP boxes) to a new facility a few
> miles down the highway.
>
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
>
>
> _______________________________________________
> Leaf-devel mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/mailman/listinfo/leaf-devel
>
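The modular layout Jack Coates describes above (one small rule file per service, enabled by a symlink in a separate directory), as an added example that is not from the original thread: a dry-run loader that only accepts links resolving inside the fragment directory, skips fragments other users can modify, and treats fragments as plain rule lines rather than shell. It assumes 2.4-style `iptables` syntax; the directory names, function names and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: the directory layout, load_enabled and demo are hypothetical.
RULE_RE='^iptables [A-Za-z0-9 .:/,_!-]+$'   # one plain iptables call, no shell syntax

# Dry run: print the rules of every enabled fragment, in link-name order.
# $1 = directory holding the fragments, $2 = directory of enabling symlinks.
load_enabled() {
    avail=$(cd "$1" && pwd -P) || return 1
    for link in "$2"/*; do
        [ -L "$link" ] || continue               # only a symlink enables a service
        target=$(readlink -f "$link") || continue
        case $target in
            "$avail"/*) ;;                       # must resolve inside $avail
            *) echo "skip $link: outside $avail" >&2; continue ;;
        esac
        [ -f "$target" ] || continue
        # Rules get applied as root, so refuse fragments others can modify.
        if [ -n "$(find "$target" \( -perm -020 -o -perm -002 \))" ]; then
            echo "skip $link: group/world-writable" >&2; continue
        fi
        # Fragments are data, not scripts: reject anything but iptables lines.
        if grep -Ev '^[[:space:]]*(#|$)' "$target" | grep -Eqv "$RULE_RE"; then
            echo "skip $link: non-rule line" >&2; continue
        fi
        grep -E "$RULE_RE" "$target"
    done
    return 0
}

# Constructed sample tree (addresses are documentation-range placeholders).
demo() (
    umask 022
    d=$(mktemp -d) || exit 1
    mkdir "$d/available" "$d/enabled"
    printf '%s\n' '# port forward FTP to server A' \
        'iptables -t nat -A PREROUTING -p tcp --dport 21 -j DNAT --to-destination 192.0.2.10' \
        > "$d/available/ftp-to-a"
    printf '%s\n' 'iptables -A FORWARD -p tcp -d 192.0.2.11 --dport 80 -j ACCEPT' \
        > "$d/available/www-to-b"                # no link below, so not loaded
    printf '%s\n' 'iptables -F; echo injected' > "$d/available/bad"
    printf '%s\n' 'iptables -P FORWARD ACCEPT' > "$d/outside"
    ln -s ../available/ftp-to-a "$d/enabled/10-ftp"
    ln -s ../available/bad "$d/enabled/20-bad"
    ln -s ../outside "$d/enabled/30-outside"
    load_enabled "$d/available" "$d/enabled"
    rm -rf "$d"
)
demo
```

A GUI checkbox then only has to create or remove a link in the enabled directory; the loader decides whether the fragment behind it is acceptable.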