Actually, come to think of it, upon going meticulously through the
documentation for ipchains, we would need (if we wanted to have linuxconf
manage it) some sort of database of the chains, similar to the user
management console for linuxconf.
The way ipchains works is that you name a specific chain, which may
filter/reject/deny/accept based on any number of rules, and each rule in
each chain can fork off to another chain based on whether the packets match.
See
http://www.rustcorp.com/linux/ipchains/HOWTO.html
and more specifically http://www.rustcorp.com/linux/ipchains/HOWTO-4.html.
What I suggest, along with the following suggestion by James, is to have a
directory, /etc/ipchains.d/, containing all chains in files named the same
as the chain.
This allows anyone to do an /etc/rc.d/init.d/ipchains start command, and
providing the rc script knows about the /etc/ipchains.d directory, it will
read & install those chains. In fact, the chains would need to have a
numbering system similar to the /etc/rc.d/rc#.d/S##* system, in order to
effect the implementation of rules in the right order (preventing race
conditions in expecting all rules to implement immediately).
We then need to have Linuxconf keep a list file (similar to the way that
linuxconf handles the /etc/passwd file for users) of chains, so that it can
edit/add/update a new/existing chain as necessary.
IMHO the ipchains stuff is 1000% better documented than ipfwadm ever will
be, and may not even need the expense of building the management of same
into linuxconf.
> Also since it has to be changed - I vote it gets dumped into something
> like /etc/rc.d/rc.ipchains
> rather than into a linuxconf specific file.
>
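
A sketch of the rc-script loader proposed in the message above, as an added example that is not code from the original post or from linuxconf. It assumes files named NNchain (two-digit order, then the chain name) holding one rule specification per line; the function names chain_files and plan are hypothetical.

```shell
#!/bin/sh
# Added example (not the poster's script). Assumed layout: /etc/ipchains.d/NNname,
# where NN is a two-digit load order and name is the chain; each file holds one
# rule specification per line (the arguments that follow "ipchains -A name").
LC_ALL=C; export LC_ALL
CHAIN_DIR=${CHAIN_DIR:-/etc/ipchains.d}

# Print valid chain files in load order. Editor backups, *.rpmsave and other
# stray names are skipped so they are never installed as firewall rules.
chain_files() {
    for f in "$CHAIN_DIR"/[0-9][0-9]?*; do
        [ -f "$f" ] || continue
        name=${f##*/}; name=${name#??}
        case $name in *[!A-Za-z0-9_-]*) continue ;; esac
        [ "${#name}" -le 8 ] || continue    # ipchains chain names: max 8 chars
        echo "$f"
    done
}

# Print the ipchains commands for a clean start, without running them.
plan() {
    # Pass 1: create every user-defined chain before any rule is added, so a
    # rule in an early file may jump (-j) to a chain from a later file.
    chain_files | while IFS= read -r f; do
        name=${f##*/}; name=${name#??}
        case $name in input|output|forward) ;; *) echo "ipchains -N $name" ;; esac
    done
    # Pass 2: append the rules, file by file, in numeric order.
    chain_files | while IFS= read -r f; do
        name=${f##*/}; name=${name#??}
        while IFS= read -r rule || [ -n "$rule" ]; do
            case $rule in ''|'#'*) continue ;; esac
            echo "ipchains -A $name $rule"
        done < "$f"
    done
}

# "start" runs the plan; word-splitting with globbing off (set -f) means rule
# text is passed as plain arguments and never interpreted by a shell.
if [ "${1:-}" = start ]; then
    set -f
    plan | while IFS= read -r cmd; do $cmd || exit 1; done
fi
```

Calling plan on its own shows the exact command order for review before anything touches the running firewall.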