Dagmar d'Surreal dagmar.wants at
Thu Apr 15 15:24:56 PDT 2004

On Tue, 2004-04-13 at 02:49, Nathan Coulson wrote:

> What kind of changes were you making to the bootscripts anyway?  Would be
> nice if we can keep the 2 tree's close together.

Mainly, just adding sections similar to the following...

if [ -z "$MONOLITHIC_FIREWALL" ]; then
	for interface in $EXTRANET_IF; do
		permit_outbound external domain
	for interface in $INTRANET_IF; do
		permit_inbound dmz domain
		permit_inbound internal domain

Nothing particularly invasive, and definitely not complex enough to
require much more than a patch at this point.

Yes, "external", "internal", and "dmz" are special words, but can be
replaced by interface names (but why would you want to)  If anyone can
thing up a decent and sane way of differentiating a dmz segment from an
intranet segment, I'd like to hear it (but I don't think there is one).

This would have been complete by now but I've spent the last two days in
bed with the flu.  *sigh*
The email address above is phony because my penis is already large enough, kthx. 
              AIM: evilDagmar  Jabber: evilDagmar at

