On 11 Jan 2001, at 18:13, Scott C. Best wrote:
[David Douthitt wrote:]
> > In my mind, this is THE biggest problem with almost all Script
> > Generators, whether from the command line or a GUI: if you make
> > hand-tuned changes, then they will be lost next time the generator
> > runs.
> This speaks volumes about why any firewall generator should
> read/write to a .conf file rather than create ipchains commands
> directly. As Charles said, it's the method of rule specification
> that's most important, not how the (G)UI looks nor how those rules
> become ipchains commands. Given a standard, meta-language .conf
> format, a dozen people could write a dozen UI's, and me the
> thirteenth guy could still use ae on the .conf to customize the
> firewall on my machine.
I'm not sure all what you are trying to say here. Sooner or later,
there HAS to be ipchains commands to make a firewall run.
Also, take any output (meta- or not, ipchains, ipfwadm, ipfilter, or
iptables) from a generator, change any line, and rerun the generator.
Will the modified line remain? I think not...
Also, I have a general disdain for anything that requires
configuration files that are NOT in a text file. How do you modify a
binary configuration file, unless every binary config file has its
own editor.... ugh.
I'm still interested in a configuration file that uses objects and OO
to create firewalls - someone called it a formatter; I'm beginning to
consider it a sort of "firewall rules compiler" or something like
that. Using ruby is quite tempting, even though it isn't big and
normally won't be found on a small LRP system.....
Don't know what Ruby is? You should :-) http://www.ruby-lang.org
--
David Douthitt
UNIX Systems Administrator
HP-UX, Linux, Unixware
[EMAIL PROTECTED]