> >         First off...hello! My name is Scott Best, and I was
> >recently invited to this list by Mike Sensney. I hope I
> >can help contribute. :)
> 
> Thanks for the credit, but I think it actually was Mike Noyes who 
> invited you. :-) Glad to have you on the list.

        Whoops! Mea culpa. Thanks Mike, and sorry Mike!

> >         What I've done, then, is to break the standard firewall
> >script up into three components: the firewall ruleset, a
> >.conf file, and a supervisory script. In the .conf file, I
> >set up a definition like:
> >
> >[SERVICE]_HOST_MACID="00:00:39:12:ae:1a"
> 
> Just a thought, you could extend this a little by adding:
>     [SERVICE]_HOST_IP="xxx.xxx.xxx.xxx"
>     [SERVICE]_HOST_NAME="host.name"
> This would add some extra design flexibility for the firewall 
> maintainer but should be easy to implement.

        Yes, very good. Though I would skip the HOST_IP 
definition as it is the work of the supervisory script to
determine that number invisibly from the user.
        Also, I'd change _HOST_NAME to _HOST_MACID_NAME,
because _HOST_MACID is the "parent" attribute in this model,
from which everything else is derived. In the UI, the end
user never sees the MACID, of course, they'd just see the
MACID_NAME, like "Bob's WinNT PC".

        The ultimate intent is to let the end user configure 
their firewall by connecting a *service* to a *machine name*.
No IP#'s, no port #'s, no MACID's, nothing layer-3 or below
at all. Combine that with a boilerplate firewall ruleset that's 
99.9 percent effective, and I think you have something on target 
for the target-audience for LEAF.
        IMO, of course. :)

-Scott
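As an added illustration of the .conf / supervisory-script split discussed in this message (this is example code, not anything posted to the list or shipped with LEAF): a small POSIX sh script that reads `[SERVICE]_HOST_MACID` and `[SERVICE]_HOST_MACID_NAME` entries from a constructed .conf, resolves each MAC to its current IP from a constructed copy of the `/proc/net/arp` table, and emits one firewall rule per service. The service-to-port table, the iptables rule syntax, the sample MACs and addresses are all assumptions made here; a host whose MAC is not currently in the ARP table gets no rule at all rather than a guessed one.

```shell
#!/bin/sh
# Added example (not from the LEAF thread): a toy "supervisory script" that
# turns SERVICE -> machine-name bindings into firewall rules, resolving the
# machine's IP from its MAC behind the user's back.

# Constructed .conf in the [SERVICE]_HOST_MACID style, plus the
# _HOST_MACID_NAME label the user would actually see.
FW_CONF=$(cat <<'EOF'
WWW_HOST_MACID="00:00:39:12:ae:1a"
WWW_HOST_MACID_NAME="Bob WinNT PC"
SSH_HOST_MACID="00:50:ba:1c:22:03"
SSH_HOST_MACID_NAME="Alice Linux box"
FTP_HOST_MACID="00:50:ba:de:ad:00"
FTP_HOST_MACID_NAME="Retired laptop"
EOF
)

# Constructed snapshot in /proc/net/arp layout; on a real box you would read
# the file itself. Note the FTP host's MAC is deliberately absent.
ARP_TABLE=$(cat <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.10     0x1         0x2         00:00:39:12:ae:1a     *        eth1
192.168.1.20     0x1         0x2         00:50:ba:1c:22:03     *        eth1
EOF
)

# mac_to_ip MAC ARP_TEXT: print the IP currently holding MAC (case-insensitive
# match on the "HW address" column), or nothing if it is not in the table.
mac_to_ip() {
    printf '%s\n' "$2" | awk -v mac="$1" '
        NR > 1 && tolower($4) == tolower(mac) { print $1; exit }'
}

# service_port NAME: assumed service label -> "port/proto" table.
service_port() {
    case "$1" in
        WWW) echo 80/tcp ;;
        SSH) echo 22/tcp ;;
        FTP) echo 21/tcp ;;
        *)   return 1 ;;
    esac
}

# build_rules CONF ARP_TEXT: for every *_HOST_MACID entry, resolve the MAC and
# print one rule line. Unresolvable or unknown services are skipped with a
# note on stderr (fail closed: no IP known, no hole opened).
build_rules() {
    conf=$1; arp=$2
    printf '%s\n' "$conf" | grep '^[A-Z]*_HOST_MACID=' |
    while IFS='=' read -r key val; do
        svc=${key%_HOST_MACID}
        mac=$(printf '%s' "$val" | tr -d '"')
        name=$(printf '%s\n' "$conf" |
               sed -n "s/^${svc}_HOST_MACID_NAME=\"\(.*\)\"$/\1/p")
        ip=$(mac_to_ip "$mac" "$arp")
        if [ -z "$ip" ]; then
            echo "skip: $svc -> '$name' ($mac) is not on the LAN right now" >&2
            continue
        fi
        port=$(service_port "$svc") || { echo "skip: unknown service $svc" >&2; continue; }
        proto=${port#*/}; port=${port%/*}
        # iptables syntax is an assumption; substitute the ruleset's own tool.
        echo "iptables -A FORWARD -p $proto -d $ip --dport $port -j ACCEPT  # $svc -> $name"
    done
}

build_rules "$FW_CONF" "$ARP_TABLE"
```

Running it prints two ACCEPT rules (WWW and SSH) and a stderr note that the FTP host is not currently reachable by ARP. The resolved IP is only as trustworthy as the ARP cache it came from, so in practice you would also want the DHCP server to hand that MAC a fixed lease, and re-run the script whenever the lease table changes rather than once at boot.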


_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/mailman/listinfo/leaf-devel
