RE: [Leaf-devel] Grand New Firewall Paradigm

Thu, 11 Jan 2001 13:43:41 -0500 (EST) 



> -----Original Message-----
> From: Kenneth Hadley [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 11, 2001 6:19 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Leaf-devel] Grand New Firewall Paradigm
> 
> 
> ----- Original Message -----
> From: "Scott C. Best" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, January 11, 2001 10:09 AM
> Subject: Re: [Leaf-devel] Grand New Firewall Paradigm
> 
> 
> > David:
> >
> >  > > ...I might create the original config with the
> > > > script generator Then go poking around in the config 
> file and make
> > > > some changes rerun the script generator and have recognize the
> > > > changes (it shouldnt even notice the difference) be at a remote
> > > > site and connect via SSH and a GUI editor and edit the 
> config at a
> > > > later date go back and run the script generator
> > >
> > > In my mind, this is THE biggest problem with almost all Script
> > > Generators, whether from the command line or a GUI: if 
> you make hand-
> > > tuned changes, then they will be lost next time the 
> generator runs.
> >
> > This speaks volumes about why any firewall generator should
> > read/write to a .conf file rather than create ipchains 
> commands directly.
> > As Charles said, it's the method of rule specification that's most
> > important, not how the (G)UI looks nor how those rules 
> become ipchains
> > commmands. Given a standard, meta-language .conf format, a 
> dozen people
> > could write a dozen UI's, and me the thirteenth guy could 
> still use ae
> > on the .conf to customize the firewall on my machine.
> > IMNSHO, I think LEAF should specify exactly that .conf file
> > format as one of its first objectives.
> >
> > -Scott
> >
> 
> My thoughts EXACTLY
> 
> -Kenneth Hadley
> 

pardon my intromission,
but this is exactly the kind of use XML was made for, if you create a
'schema' for it, all applications can rightly use/modify the .conf file
(provided that the app knows the schema)

pedro

> 
> 
> _______________________________________________
> Leaf-devel mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/mailman/listinfo/leaf-devel
> 

_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/mailman/listinfo/leaf-devel

Reply via email to