Firewalling 90% complete & tested, questions about writing tone
F. R. Wesselmann
frw at myrealbox.com
Wed Apr 28 18:38:57 PDT 2004
Sounds like you did a good bit of work there!
Your idea of interface and source/target abstraction is beautiful -- it
ought to be easier now to have the script that starts the web server
also change the firewall rules permitting access to it!
However, I am a little concerned about the new rules language of it.
Between ipchains and iptables etc. this may seem convenient but it adds
another level of complication and interpretation. Now you have to first
figure out what the new command does and then make sure that the actual
firewall rules come out right, too.
It would be nice if we could somehow "overload" the iptables syntax to
work with your abstractions, i.e. "de-multiplex" any lists into
identical, explicit rules for each list element...
Frank R. Wesselmann frw at MyRealBox.com
"Reality appears in the paradoxical." F. Dürrenmatt
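The "de-multiplexing" idea in the message above, sketched as an added example that is not part of the original post or of the HLFS scripts: ordinary iptables syntax is kept, and any comma-separated list is expanded into one explicit rule per element so the resulting rule set can be read and audited directly. The function name `expand_rule`, the choice of `-s`, `-d`, `-i` and `-o` as the list-capable options, and the sample addresses are assumptions; the function only prints the commands it would generate.

```shell
#!/bin/sh
# Expand comma-separated lists given to -s, -d, -i or -o into one explicit
# iptables command per combination. Prints the commands; it runs nothing.
# Assumption: no argument contains whitespace.
expand_rule() (
    set -f                       # no filename expansion on unquoted splits
    nl='
'
    rules="iptables"             # newline-separated partial commands
    while [ $# -gt 0 ]; do
        opt=$1; shift
        alts=$opt                # default: the token is copied unchanged
        case $opt in
        -s|-d|-i|-o)
            [ $# -gt 0 ] || { echo "expand_rule: $opt needs a value" >&2; exit 1; }
            # Refuse empty list elements instead of emitting a rule that
            # silently lacks its match.
            case $1 in
            ''|,*|*,|*,,*) echo "expand_rule: empty element in '$1'" >&2; exit 1 ;;
            esac
            alts=
            IFS=,
            for v in $1; do alts="${alts}${alts:+$nl}$opt $v"; done
            shift ;;
        esac
        # Cross every partial command with every alternative for this token.
        next=
        IFS=$nl
        for r in $rules; do
            for a in $alts; do next="${next}${next:+$nl}$r $a"; done
        done
        rules=$next
    done
    printf '%s\n' "$rules"
)

# Constructed sample: two interfaces x two sources -> four explicit rules.
expand_rule -A INPUT -i eth0,eth1 -s 192.0.2.10,192.0.2.11 -p tcp --dport 80 -j ACCEPT
```

Reviewing the printed commands before piping them to a shell keeps the "do the actual rules come out right" check in plain iptables terms.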