Firewalling 90% complete & tested, questions about writing tone

F. R. Wesselmann frw at myrealbox.com
Wed Apr 28 18:38:57 PDT 2004


Sounds like you did a good bit of work there!

Your idea of interface and source/target abstraction is beautiful -- it 
ought to be easier now to have the script that starts the web server 
also change the firewall rules permitting access to it!

However, I am a little concerned about the new rules language of it. 
Between ipchains and iptables etc. this may seem convenient but it adds 
another level of complication and interpretation.  Now you have to first 
figure out what the new command does and then make sure that the actual 
firewall rules come out right, too.

It would be nice if we could somehow "overload" the iptables syntax to 
work with your abstractions, i.e. "de-multiplex" any lists into 
identical, explicit rules for each list element...

-- 
========================================================================
Frank R. Wesselmann                                    frw at MyRealBox.com

      "Reality appears in the paradoxical."      F. Dürrenmatt
========================================================================
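
The "de-multiplexing" suggested in the message above, as an added example that is not part of the original post or of the HLFS firewall script: a rule whose option values are lists is expanded into one explicit iptables rule per combination. The comma-separated list syntax, the set of list-capable options and the name `demultiplex` are assumptions made for illustration.

```python
import itertools
import shlex

# Assumption: options that may carry a comma-separated list in the
# extended syntax (the post does not define the syntax itself).
LIST_OPTIONS = {"-s", "-d", "-i", "-o", "-p", "--sport", "--dport"}


def demultiplex(rule: str) -> list[str]:
    """Expand one list-bearing rule into explicit single-value rules."""
    tokens = shlex.split(rule)
    slots = []  # per token position: the alternatives to pick from
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        slots.append([tok])
        i += 1
        if tok not in LIST_OPTIONS:
            continue
        # Negation is written "! -s addr" or, in older syntax, "-s ! addr".
        negated = len(slots) >= 2 and slots[-2] == ["!"]
        if i < len(tokens) and tokens[i] == "!":
            negated = True
            slots.append(["!"])
            i += 1
        if i >= len(tokens):
            raise ValueError(f"option {tok} has no value")
        values = tokens[i].split(",")
        if not all(values):
            raise ValueError(f"empty list element in {tok} {tokens[i]!r}")
        if negated and len(values) > 1:
            # "not a" and "not b" as separate rules together match everything.
            raise ValueError(f"negated list for {tok} cannot be split")
        slots.append(values)
        i += 1
    return [shlex.join(combo) for combo in itertools.product(*slots)]


if __name__ == "__main__":
    # Constructed sample rule, not taken from the HLFS firewall script.
    sample = ("-A INPUT -i eth0,eth1 -p tcp -s 10.0.0.0/8,192.168.1.0/24 "
              "--dport 80,443 -j ACCEPT")
    for explicit in demultiplex(sample):
        print("iptables", explicit)
```

Printing the expanded rules before loading them keeps the generated ruleset reviewable, which addresses the concern about an extra layer of interpretation.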


More information about the hlfs-dev mailing list