----- Original Message -----
From: "Scott C. Best" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 11, 2001 10:09 AM
Subject: Re: [Leaf-devel] Grand New Firewall Paradigm
> David:
>
> > > ...I might create the original config with the
> > > script generator Then go poking around in the config file and make
> > > some changes rerun the script generator and have recognize the
> > > changes (it shouldnt even notice the difference) be at a remote
> > > site and connect via SSH and a GUI editor and edit the config at a
> > > later date go back and run the script generator
> >
> > In my mind, this is THE biggest problem with almost all Script
> > Generators, whether from the command line or a GUI: if you make hand-
> > tuned changes, then they will be lost next time the generator runs.
>
> This speaks volumes about why any firewall generator should
> read/write to a .conf file rather than create ipchains commands directly.
> As Charles said, it's the method of rule specification that's most
> important, not how the (G)UI looks nor how those rules become ipchains
> commmands. Given a standard, meta-language .conf format, a dozen people
> could write a dozen UI's, and me the thirteenth guy could still use ae
> on the .conf to customize the firewall on my machine.
> IMNSHO, I think LEAF should specify exactly that .conf file
> format as one of its first objectives.
>
> -Scott
>
My thoughts EXACTLY
-Kenneth Hadley
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/mailman/listinfo/leaf-devel
