----- Original Message -----
From: "David Douthitt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 11, 2001 8:37 AM
Subject: Re: [Leaf-devel] Grand New Firewall Paradigm


> On 11 Jan 2001, at 6:43, Kenneth Hadley wrote:
>
> > just adding my own two cents but I'm wondering why not implement all
> > three methods (that I see)?
> >
> > 1) Question/menu based script generator
> > 2) Editable Config file
> > 3) GUI based editor
>
> All of them have their place.  Some prefer one over the other; it
> should be obvious I prefer #1 on the box itself, but.... all should
> be available somewhere.

exactly my thought....though personally #2 and #3 I would use more often
myself ;-)
my biggest thought is that each method would need to follow the same
guidelines of where and when the data is written to a configuration
file....thus allowing all three methods to access the same file
aka
I might create the original config with the script generator
Then go poking around in the config file and make some changes
rerun the script generator and have it recognize the changes (it shouldn't even
notice the difference)
be at a remote site and connect via SSH and a GUI editor and edit the config
at a later date go back and run the script generator

basically I'm saying that in order for all methods to work a common file
format would need to exist

> I was thinking - with the proper tools, installing an ipchains script
> built on another system could be done like thus:
>
> LRP # nc -l -p 1705 > /tmp/ipchains.fw
>
> ...
>
> othersys # cat ipchains.fw | nc LRP.sys.local 1705
>
> ...and voila!  There it is.  If someone had a need for this often
> enough, busybox could have nc loaded, or the netcat.lrp package could
> be installed on the boot disk...

hmmmm interesting thought......

> > (I was looking at http://www.crocodile.org/~vadim/fwbuilder/ for an
> > example....but custom)
>
> That is FANTASTIC!  Conceptually, I think this is sort of what I
> had in mind, though not with the GUI.  With a proper channel to
> getting the results over to the firewall box, this could be a nice
> way to go.
>
> --
> David Douthitt
> UNIX Systems Administrator
> HP-UX, Linux, Unixware
> [EMAIL PROTECTED]
>

-Kenneth Hadley
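
The common-file idea above, sketched as an added example that is not part of the original message or of any LEAF/LRP code: a menu script, a hand editor and a GUI can share one file if every tool rewrites only the keys it owns and the rule generator parses the file as data instead of sourcing it. The `KEY=value` format, the key names `INPUT_POLICY` and `OPEN_TCP_PORTS`, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Assumed format: KEY=value lines plus '#' comments (constructed for this example).

# conf_get FILE KEY: print KEY's value (last assignment wins). The file is
# parsed as data, never sourced, so a hand edit cannot inject shell code.
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, "=") }
        i > 1 && substr($0, 1, i - 1) == k { v = substr($0, i + 1) }
        END { print v }' "$1"
}

# conf_set FILE KEY VALUE: rewrite only KEY's line (or append it), leaving
# comments, ordering and keys written by the other tools untouched.
conf_set() {
    tmp="$1.tmp.$$"
    awk -v k="$2" -v v="$3" '
        { i = index($0, "=") }
        i > 1 && substr($0, 1, i - 1) == k { print k "=" v; done = 1; next }
        { print }
        END { if (!done) print k "=" v }' "$1" > "$tmp" && mv "$tmp" "$1"
}

# gen_rules FILE: print (not run) an ipchains script from the shared file.
# Values are validated first; runs in a subshell so 'set -f' stays local.
gen_rules() (
    set -f                                  # no globbing on the port list
    pol=$(conf_get "$1" INPUT_POLICY)
    case "$pol" in
        ACCEPT|DENY|REJECT) ;;
        *) echo "bad policy: $pol" >&2; exit 1 ;;
    esac
    echo "ipchains -P input $pol"
    for p in $(conf_get "$1" OPEN_TCP_PORTS); do
        case "$p" in
            ''|*[!0-9]*) echo "bad port: $p" >&2; exit 1 ;;
        esac
        echo "ipchains -A input -p tcp -d 0/0 $p -j ACCEPT"
    done
)

# demo: constructed file; the generator's write keeps the hand-edited comment.
demo() {
    f=$(mktemp)
    printf '# hand-edited: ssh only\nINPUT_POLICY=DENY\nOPEN_TCP_PORTS=22\n' > "$f"
    conf_set "$f" OPEN_TCP_PORTS "22 80"
    cat "$f"; gen_rules "$f"; rm -f "$f"
}
```

Calling `demo` after loading the functions prints the rewritten file followed by the generated rules.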



_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/mailman/listinfo/leaf-devel
