RE: [leaf-devel] Project Description Goals
Mike wrote: A Linux Embedded Appliance Framework delivered in easy-to-use branches. Specific branches target a variety of environments. Anything from enterprise networks and Internet service providers to small office/home office environments are supported. I haven't seen a LEAF branch that targets the enterprise. Some requirements of the enterprise are: - central management for multiple firewalls: Probably best addressed with the FWBuilder support and the LEAF construction kit - Firewalls with many ports (16 is common): Again probably the easiest with FWBuilder - HA clusters/Failover solutions - Central Log management - Multiple users supported Depending on the environment, you'll also want - VPN for roaming users with NAT Traversal and DHCP through the VPN (almost there..) - RADIUS support, SecurID support - dynamic firewall rules with login - trunking, VRRP, HSRP, whatever Considering the feedback on my contributions which are targeted at larger environments (but not large), I don't think many people are interested. People seem to prefer stonegate as a Linux solution. BTW, I have seen stonegate on a FW-500ME, the same appliance box that we use for LEAF. Cheers Alex --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [leaf-devel] Updated Kernel with IPSec and grsecurity
Am Freitag, 16. Januar 2004 13:50 schrieb Jaime Nebrera Herrera: Hi all, We are tryibg to compile a more recent kernel (say 2.4.22 or afterwards) with support for both FreeSWAN AND grsecurity without luck. New Bering-uClibc release has kernel 2.4.24 with grsecurity and FreeSWAN support. Though we used gcc 2.9.x (smaller kernel than with gcc 3.x). kp --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [leaf-devel] Project Description Goals
Am Freitag, 16. Januar 2004 10:34 schrieb Alex Rhomberg: Mike wrote: A Linux Embedded Appliance Framework delivered in easy-to-use branches. Specific branches target a variety of environments. Anything from enterprise networks and Internet service providers to small office/home office environments are supported. I haven't seen a LEAF branch that targets the enterprise. Some requirements of the enterprise are: - central management for multiple firewalls: Probably best addressed with the FWBuilder support and the LEAF construction kit - Firewalls with many ports (16 is common): Again probably the easiest with FWBuilder - HA clusters/Failover solutions - Central Log management - Multiple users supported Depending on the environment, you'll also want - VPN for roaming users with NAT Traversal and DHCP through the VPN (almost there..) - RADIUS support, SecurID support - dynamic firewall rules with login - trunking, VRRP, HSRP, whatever Alex; we are talking about goals - some of them has eached, some of them not, but maybe in the future. LEAF works from home office to small office right now stable and with more features a usual user is asking for. We could even close down development and put everything in maintenance mode (only security fixes, providing support, improving docs) and most of LEAF users will be satisfied a long time. But some features already provided are mostly beyond this target audience - like zebra/quagga, your FWBuilder support and probably ipv6 (at least for the near future). On the other side there are members working on new ideas to make installation/configuration easier for home users. I believe moving any branch to support larger environments than small office is a _goal_, though we may fail :), like it is a goal to improve installation and configuration for SOHO users. kp --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [leaf-devel] Project Description Goals
On Thu, 2004-01-15 at 19:07, Mike Noyes wrote: A Linux Embedded Appliance Framework delivered in easy-to-use branches. Specific branches target a variety of environments. Anything from enterprise networks and Internet service providers to small office/home office environments are supported. (244 characters) - or - Linux Embedded Appliance Framework (LEAF) LEAF is a embedded network appliance framework delivered in branches. Branches are targeted at, but not limited to, the following appliance-oriented tasks: LAN/WAN router, Internet border router, wireless access point (WAP), and telemetry box. (243 characters) -- Mike Noyes mhnoyes at users.sourceforge.net http://sourceforge.net/users/mhnoyes/ SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [leaf-devel] Project Description Goals
On Fri, 2004-01-16 at 10:43, Mike Noyes wrote: Linux Embedded Appliance Framework (LEAF) LEAF is a embedded network appliance framework delivered in branches. Branches are targeted at, but not limited to, the following appliance-oriented tasks: LAN/WAN router, Internet border router, wireless access point (WAP), and telemetry box. (243 characters) Linux Embedded Appliance Framework (LEAF) LEAF is an embedded network appliance framework delivered in branches. Branches are targeted at, but not limited to, the following appliance-oriented tasks: LAN/WAN router, Internet border router/firewall, wireless access point (WAP), and telemetry box. (253 characters) Other appliance-oriented tasks: print server, mail forwarder, web server, X-10 controller, system rescue, thin client, and probably more that I forgot. -- Mike Noyes mhnoyes at users.sourceforge.net http://sourceforge.net/users/mhnoyes/ SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [leaf-devel] Project Description Goals
Linux Embedded Appliance Framework (LEAF) LEAF is an embedded network appliance framework delivered in branches. Branches are targeted at, but not limited to, the following appliance-oriented tasks: LAN/WAN router, Internet border router/firewall, wireless access point (WAP), and telemetry box. (253 characters) I like this one. Except for the Framework; I though that frameworks by definition don't do anything but just provide a framework that can be filled with your work. I wouldn't call LEAF a framework. I'd probably change the description to LAN/WAN/Internet border router/firewall and replace the telemetry box with VPN gateway Linux Embedded Appliance Firewall (LEAF) LEAF is an embedded network appliance framework delivered in branches. Branches are targeted at, but not limited to, the following appliance-oriented tasks: LAN/WAN/Internet border router/firewall, wireless access point (WAP), and VPN gateway. (a bit less than 253 characters) Cheers Alex --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [leaf-devel] Project Description Goals
we are talking about goals - some of them has eached, some of them not, but maybe in the future. LEAF works from home office to small office right now stable and with more features a usual user is asking for. We could even close down development and put everything in maintenance mode (only security fixes, providing support, improving docs) and most of LEAF users will be satisfied a long time. There is definitely some useful work that can be done in the management/configuration area und to improve the upgrading process (separate config and data) Even maintenance mode needs quite some work, just to compile new packages from new software releases. I believe moving any branch to support larger environments than small office is a _goal_, though we may fail :), like it is a goal to improve installation and configuration for SOHO users. Moving to larger environments is one thing, but the enterprise is and IMHO will remain beyond the reach of LEAF, because a big firewall has enough space for a current distro. Eventually a fully open source Linux firewall will be ready for the enterprise, probably because a hardware vendor wants to attack the Nokia/Checkpoint Combo. But it will hardly be based on LEAF. Cheers Alex --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [leaf-devel] Project Description Goals
On Fri, 2004-01-16 at 12:06, Alex Rhomberg wrote: Linux Embedded Appliance Framework (LEAF) LEAF is an embedded network appliance framework delivered in branches. Branches are targeted at, but not limited to, the following appliance-oriented tasks: LAN/WAN router, Internet border router/firewall, wireless access point (WAP), and telemetry box. (253 characters) Except for the Framework; I though that frameworks by definition don't do anything but just provide a framework that can be filled with your work. I wouldn't call LEAF a framework. Alex, Last time we were discussing a project description change framework was the best solution we came up with for replacing firewall. Neither describe LEAF well. I'm open to suggestions for F in our acronym. I think of a framework as a basic structure for creating things. Basic structure can be nebulously defined as our development model, build environment, and branch. Thing would be a network appliance-oriented task. Linux Embedded Appliance Firewall (LEAF) LEAF is an embedded network appliance framework delivered in branches. Branches are targeted at, but not limited to, the following appliance-oriented tasks: LAN/WAN/Internet border router/firewall, wireless access point (WAP), and VPN gateway. (a bit less than 253 characters) I like this. :-) Everyone, Are there any opinions, comments, or suggestions for the proposed project description above? -- Mike Noyes mhnoyes at users.sourceforge.net http://sourceforge.net/users/mhnoyes/ SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
[leaf-devel] Updated Kernel with IPSec and grsecurity
Hi all, We are tryibg to compile a more recent kernel (say 2.4.22 or afterwards) with support for both FreeSWAN AND grsecurity without luck. At this moment we are using stock 2.4.22 kernel with the last 1.99 FreeSwan available and 1.9.13 grsecurity, but no way, we cant get it to compile using a gcc 3.2 compiler (Gentoo 1.4 system) Anybody has done this? Any clue? Thanks in advance. Regards. -- Jaime Nebrera - [EMAIL PROTECTED] --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [leaf-devel] Project Description Goals
On Fri, 2004-01-16 at 12:51, Mike Noyes wrote: On Fri, 2004-01-16 at 12:06, Alex Rhomberg wrote: LEAF is an embedded network appliance framework delivered in branches. Branches are targeted at, but not limited to, the following appliance-oriented tasks: LAN/WAN/Internet border router/firewall, wireless access point (WAP), and VPN gateway. (a bit less than 253 characters) I like this. :-) Everyone, Are there any opinions, comments, or suggestions for the proposed project description above? Updated DocManager with new proposal. Please review and comment. Thanks. Description https://sourceforge.net/docman/display_doc.php?docid=1396group_id=13751 -- Mike Noyes mhnoyes at users.sourceforge.net http://sourceforge.net/users/mhnoyes/ SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
