Eric Wolzak wrote:
> 
> Hello
> > this sounds interesting. Is the new system going to be 2.4 based? I ask
> > because 2.4 is supposed to have stateful inspection, which makes firewall
> > a much more applicable term.
> I would like that also very much
> >
> > I'd be interested in helping out on a firewall script system, but I don't
> > have a great deal of time. Have you checked out the existing packages like
> > seawall and Matthew Grant's firewall.rc?

I'd be interested also; although I'm far from an expert, I do enjoy shell
scripting :)
I contributed a few small parts to Matthew Grant's original script to
make it work in a DHCP client environment, such as pulling the external
IP out of ifconfig, some variable assignment and the DHCP rules.

> 
> > What I'd envision is a modular system like the init scripts. So each
> > service is in a file of about four lines with the proper filtering or
> > forwarding commands, and linking to the file in a separate directory
> > includes it. That would be easier to manage via weblet GUI because the
> > user could use checkboxes to say "port forward FTP to server A" and "don't
> > forward www to server B".
> could be a nice way to arrange it that way, there is a lot of traffic on
> the list from people asking how to implement this or that "standard
> situation".  Alternatively you could create the whole firewall script
> according to a web interface, as for example on the firewall-guru
> site (Ziegler), and put this script on the floppy.
> Advantage (less code in the distro)
> Disadvantage (creating the firewall script in a "foreign environment"
> for the suspicious user ;))

I was impressed with Ziegler's web based config tool, but I must admit
I'm a little nervous about the 'foreign environment' as well.

Although I've not set up a seawall configuration it seems like a pretty
good starting point, no?

A separate package also seems like a good idea, just another .lrp file.
Those that need it load it, those that don't skip it.

> I would like to help, although time is rare as with anybody ;) and I
> don't know if I have enough experience yet.  But as learning by
> doing and reading and a lot of enthusiasm is enough for you, I'm
> on.

Same here, I could use the experience with functions and eval.

> 
> > I'd like to pound out some ideas for specifying &
> > > controlling the firewall rules (the coding part is easy...the hard part is
> > > solving the problem).

Along with trying to foresee every strange permutation a user could come
up with:)

Regards
Paul Batozech

> 
> _______________________________________________
> Leaf-devel mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/mailman/listinfo/leaf-devel

-- 
-----------------------------------------
It's a Linux world....well, it oughta be.
-----------------------------------------
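
The modular layout proposed in the thread (one small file per service, switched on by a link from a separate directory), sketched as an added example that is not part of the original messages or of any LEAF package. The available/ and enabled/ directory names, the fw_forward helper, the addresses and the use of iptables (2.4) syntax are assumptions; rules are printed rather than installed, and the loader refuses fragments that someone other than the owner could modify, since they would run as root.

```sh
#!/bin/sh
# Assumed layout: $base/available/<name> holds a fragment of a few lines;
# a symlink in $base/enabled/ switches it on (the GUI checkbox).

# Hypothetical helper that fragments call: fw_forward PROTO PORT SERVER.
# It prints the iptables (2.4) rule instead of installing it.
fw_forward() {
    echo "iptables -t nat -A PREROUTING -p $1 --dport $2 -j DNAT --to-destination $3:$2"
}

# Source each enabled fragment in name order. Fragments run as root, so
# anything that is not a symlink to a regular file, or whose target is
# group- or world-writable, is skipped with a warning.
load_enabled() {
    for link in "$1"/enabled/*; do
        [ -L "$link" ] || { echo "skip $link: not a symlink" >&2; continue; }
        [ -f "$link" ] || { echo "skip $link: no regular file behind it" >&2; continue; }
        if [ -n "$(find -L "$link" \( -perm -020 -o -perm -002 \))" ]; then
            echo "skip $link: target writable by group or others" >&2
            continue
        fi
        . "$link"
    done
}

# Constructed sample tree: three services available, two ticked, one unsafe.
demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/available" "$base/enabled"
    echo 'fw_forward tcp 21 192.168.1.10' > "$base/available/ftp-to-serverA"
    echo 'fw_forward tcp 80 192.168.1.11' > "$base/available/www-to-serverB"
    echo 'fw_forward tcp 25 192.168.1.12' > "$base/available/smtp-to-serverC"
    chmod 644 "$base/available/ftp-to-serverA" "$base/available/www-to-serverB"
    chmod 666 "$base/available/smtp-to-serverC"
    ln -s ../available/ftp-to-serverA "$base/enabled/10-ftp"
    ln -s ../available/smtp-to-serverC "$base/enabled/20-smtp"
    ln -s ../available/missing "$base/enabled/30-gone"
    load_enabled "$base"
    rm -rf "$base"
}

demo
```

Only the FTP forward is emitted: www is available but not linked, the SMTP fragment is rejected for its 666 mode, and 30-gone points at nothing.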
