Hello
> this sounds interesting. Is the new system going to be 2.4 based? I ask
> because 2.4 is supposed to have stateful inspection, which makes firewall
> a much more applicable term.
I would like that also very much.
> 
> I'd be interested in helping out on a firewall script system, but I don't
> have a great deal of time. Have you checked out the existing packages like
> seawall and Mathew Grant's firewall.rc?

> What I'd envision is a modular system like the init scripts. So each
> service is in a file of about four lines with the proper filtering or
> forwarding commands, and linking to the file in a separate directory
> includes it. That would be easier to manage via weblet GUI because the
> user could use checkboxes to say "port forward FTP to server A" and "don't
> forward www to server B".
It could be a nice way to arrange it that way; there is a lot of traffic on
the list from people asking how to implement this or that "standard
situation". Alternatively, you could create the whole firewall script
through a web interface, as for example on the firewall-guru
site (Ziegler), and put this script on the floppy.
Advantage: less code in the distro.
Disadvantage: creating the firewall script in a "foreign environment"
for the suspicious user ;)

> On Tue, 2 Jan 2001, Charles Steinkuehler wrote:
> 
> > Recently Dave Cinege contacted me about doing some work with him on the new
> > packaging format for Butterfly.  Since I've been banging my head against the
> > existing LRP packaging scheme already, I told him I'd probably be willing to
> > help.  To get things going, Dave called me, and I wound up chatting with him
> > for about an hour New Year's Eve.
> >
> > The good news is the packaging system sounds like it will address a lot of
> > the problems I've been running into (trying to make CD-ROM boot LRP systems,
> > and LRP systems that boot natively off a HDD w/o a ramdisk), and will remain
> > primarily shell-script based (with perhaps a function or two added to
> > busybox for speed) so it will be small.
> >
> > I'll post more about what's going to be new and different as I get time and
> > more details from Dave.  I guess the current 'executive summary' is
> > something like:
> >
> > Dave C. wants to build a tiny, flexible Linux distro
> >
> > I want to build small, secure, application specific linux boxes (including
> > things like a firewall/router as well as stuff like a DNS server, SMTP
> > server, web-server, etc.  Remember, I currently use LRP as my web and DNS
> > server, running on a 486 no less!)
> >
> > I was getting ready to start hacking up the packaging system on LRP to more
> > gracefully support my CD-ROM efforts and booting directly from a HDD (both
> > of these boot methods are required for LRP systems I maintain)...I will now
> > likely help Dave C. in his efforts to do this.
> >
> > I'd still like to see a good set of firewall scripts...Dave C. and I agree
> > that the firewall stuff doesn't belong in the core OS, but should really be
> > a package.  I may get around to working on a 'new & improved' set of
> > firewall scripts soon.  Since each of the several LRP systems I currently
> > have installed required major hacks to the firewall rules, and I'd like to
> > have one 'master' scriptset (to make my life easier), I may simply 'start
> > from scratch' rather than try to fold all the mods together.  Anyone want to
> > collaborate on this?

I would like to help, although time is rare as with anybody ;) and I
don't know if I have enough experience yet. But as learning by
doing and reading and a lot of enthusiasm is enough for you, I'm
on.
 
> > I'd like to pound out some ideas for specifying &
> > controlling the firewall rules (the coding part is easy...the hard part is
> > solving the problem).

Greetings Eric Wolzak


_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/mailman/listinfo/leaf-devel
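
The modular layout sketched in the quoted message above (one small file per service, enabled by linking it into a separate directory), written out as an added example that is not part of the original thread or of any LRP/LEAF code. The directory names, the `fw` wrapper, the iptables rules and the sample fragments are assumptions constructed for illustration; it goes slightly beyond the quoted idea by refusing links that resolve outside the services directory or to group/world-writable files, since the loader would run as root.

```shell
#!/bin/sh
# Added example. Directory layout, fw() and the sample fragments are assumptions.

# fw: fragments call this instead of the filter tool. Dry run is the default,
# so nothing touches live rules unless FW_DRY_RUN=0 is set.
fw() {
    if [ "${FW_DRY_RUN:-1}" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# fragment_ok SERVICES_DIR LINK: accept LINK only if it resolves to a regular
# file directly inside SERVICES_DIR that is not group- or world-writable.
# Leaves the resolved path in $target. Uses readlink -f (GNU/busybox).
fragment_ok() {
    avail=$(cd "$1" && pwd -P) || return 1
    target=$(readlink -f "$2") || return 1
    [ -f "$target" ] || return 1
    [ "$(dirname "$target")" = "$avail" ] || return 1
    [ -z "$(find "$target" \( -perm -020 -o -perm -002 \) -print)" ]
}

# load_services SERVICES_DIR ENABLED_DIR: source every trusted fragment linked
# into ENABLED_DIR, in glob order; report the ones that are refused.
load_services() {
    for link in "$2"/*; do
        [ -e "$link" ] || continue
        if fragment_ok "$1" "$link"; then
            . "$target"    # source the resolved path that was just checked
        else
            echo "skipping untrusted fragment: $link" >&2
        fi
    done
}

# demo: constructed tree with one good link, one disabled service (www), one
# group-writable fragment and one link pointing outside the services directory.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/services" "$d/enabled"
    echo 'fw -A INPUT -p tcp --dport 21 -j ACCEPT' > "$d/services/ftp"
    echo 'fw -A INPUT -p tcp --dport 80 -j ACCEPT' > "$d/services/www"
    echo 'fw -A INPUT -p tcp --dport 25 -j ACCEPT' > "$d/services/smtp"
    echo 'fw -P INPUT ACCEPT' > "$d/stray"
    chmod 644 "$d/services/ftp" "$d/services/www" "$d/stray"
    chmod 664 "$d/services/smtp"
    ln -s "$d/services/ftp" "$d/services/smtp" "$d/stray" "$d/enabled/"
    load_services "$d/services" "$d/enabled"
    rm -rf "$d"
}

demo
```

A checkbox in a web front end would then only add or remove a link in the enabled directory; the fragments themselves stay root-owned and read-only.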
