Well, I've been reading with interest all the threads about all the various firewall design ideas, and a common idea seems to be the best way to implement the 'user interface'. It's been stated quite aptly that the basic construction mechanism would sort of fall into place once the hurdle of configuration information was overcome.

Wouldn't something like the 'make.conf' script used for command line kernel configuration be a simple yet flexible means to this end? A series of y/n questions (except for addresses) would query the end user for their needs; this could branch to other necessary questions for a particular response and eventually generate a conf file with all the required parameters to allow a script to parse the conf file and generate a rules set. If one needed to change things on the fly, run the config script again. The current state of the configuration could show up as the last response to a particular query, allowing the user to hit enter down through the questions until the one needing changing was encountered. After the last question is answered the rule set would be regenerated to reflect the change and the rules put in place. Each question could have a short description displayed if the user hit the 'h' key as a response... you know the drill.

The advantages I see here are that the whole thing could probably be done with shell scripts, thus allowing all configuration to be done on the router box. No hand editing of sometimes obtuse config files. No added programs required, we'd be using mechanisms already available on a typical LRP type install. Package it up as a .lrp and away you go. This could be applied to other things than just a filter rule set, enabling / disabling services, setting up dhcp, basically whatever one needed for a 'firewall on a box' type design.
Sure, there's no fancy web interface, and a novice might have to run through it a few times before they got a handle on things, but it seems this could be implemented to be versatile as well as small and relatively simple. If I'm out in left field here let me know.

Regards
Paul Batozech

--
-----------------------------------------
It's a Linux world....well, it oughta be.
-----------------------------------------
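The question-and-regenerate flow proposed in the message above, sketched as an added example that is not part of the original post or of any LRP/LEAF package. The conf key names, the single SSH question and the iptables output format are assumptions; the point shown is that answers are validated on entry and again on generation, and the conf file is parsed as text rather than sourced.

```shell
#!/bin/sh
# Added example; key names and the iptables target are assumptions, not from the post.
CONF="${CONF:-./fw.conf}"

# Read a saved answer by text match; the conf file is never sourced or eval'd.
conf_get() {  # conf_get KEY DEFAULT
    v=$(sed -n "s/^$1=//p" "$CONF" 2>/dev/null | tail -n 1)
    printf '%s\n' "${v:-$2}"
}
valid_yn() { case "$1" in y|n) return 0 ;; *) return 1 ;; esac; }
valid_ip() {  # dotted quad, each octet 0-255, no other characters
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1; done
}
# Ask one question: Enter keeps the saved answer, 'h' shows help. Result in $ans.
ask() {  # ask KEY DEFAULT VALIDATOR QUESTION HELP
    cur=$(conf_get "$1" "$2")
    while :; do
        printf '%s [%s]: ' "$4" "$cur" >&2
        # On EOF keep the saved value, but only if it still validates.
        read -r ans || { ans=$cur; "$3" "$ans" || return 1; return 0; }
        [ "$ans" = h ] && { printf '%s\n' "$5" >&2; continue; }
        ans=${ans:-$cur}
        "$3" "$ans" && return 0
        printf 'invalid answer, try again\n' >&2
    done
}
configure() {  # answers come from stdin; writes $CONF after the last question
    ask ALLOW_SSH n valid_yn 'Allow inbound SSH (y/n)?' 'Opens TCP port 22.' || return 1
    out="ALLOW_SSH=$ans"
    if [ "$ans" = y ]; then   # branch: only asked after a "y" above
        ask SSH_FROM 192.0.2.10 valid_ip 'Admin host?' 'Only this host may connect.' || return 1
        out="$out
SSH_FROM=$ans"
    fi
    printf '%s\n' "$out" > "$CONF"
}
# Re-validate on generation: the conf may have been hand-edited since it was written.
gen_rules() {
    echo 'iptables -P INPUT DROP'
    echo 'iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    ssh=$(conf_get ALLOW_SSH n); from=$(conf_get SSH_FROM '')
    if [ "$ssh" = y ] && valid_ip "$from"; then
        echo "iptables -A INPUT -p tcp -s $from --dport 22 -j ACCEPT"
    fi
}
# Run as "sh script run" to answer the questions and print the rule set.
if [ "${1:-}" = run ]; then configure && gen_rules; fi
```

The rules are printed rather than applied, so the output can be reviewed or diffed against the previous run before it is loaded.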