Shorewall devel - Jan 2002 - Another feature request

--=-97YF284NV6yShaPqFwb/
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

I have to say Shorewall is the closest in my mind to a perfect iptables
firewall generation script. Thanks Tom for a great product. 

2 things that could make it even better in my mind: 

- instead of using service acronym (don''t know how to call it
differently) for rules, it would be great to be able to use service
definition a la "RCF" see: rcf.mvlan.net. People could contribute code
for each service definition (server or client), therefore making it very
easy to create a secure but extensible firewall.

- my 2nd thought would be to have "ferm" as the descriptive language
or
something similar. I have use it in the past to describe my firewall
rules and I like its compactness a lot. especially since it now supports
variable.  The drawback is that it requires "perl" which not everybody
might have on their machine.

Any thoughts ?

Pascal

--=-97YF284NV6yShaPqFwb/
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
  <META HTTP-EQUIV="Content-Type" CONTENT="text/html;
CHARSET=UTF-8">
  <META NAME="GENERATOR" CONTENT="GtkHTML/1.0.1">
</HEAD>
<BODY>
I have to say Shorewall is the closest in my mind to a perfect iptables firewall
generation script. Thanks Tom for a great product.
<BR>

<BR>
2 things that could make it even better in my mind: 
<BR>

<BR>
- instead of using service acronym (don''t know how to call it
differently) for rules, it would be great to be able to use service definition a
la &quot;RCF&quot; see: rcf.mvlan.net. People could contribute code for
each service definition (server or client), therefore making it very easy to
create a secure but extensible firewall.
<BR>

<BR>
- my 2nd thought would be to have &quot;ferm&quot; as the descriptive
language or something similar. I have use it in the past to describe my firewall
rules and I like its compactness a lot. especially since it now supports
variable.&nbsp; The drawback is that it requires &quot;perl&quot;
which not everybody might have on their machine.
<BR>

<BR>
Any thoughts ?
<BR>

<BR>
Pascal
</BODY>
</HTML>

--=-97YF284NV6yShaPqFwb/--

On Saturday 19 January 2002 07:46 am, Pascal DeMilly
wrote:
> I have to say Shorewall is the closest in my mind to a perfect iptables
> firewall generation script. Thanks Tom for a great product.
>
> 2 things that could make it even better in my mind:
>
> - instead of using service acronym (don''t know how to call it
> differently) for rules, it would be great to be able to use service
> definition a la "RCF" see: rcf.mvlan.net. People could contribute
code
> for each service definition (server or client), therefore making it very
> easy to create a secure but extensible firewall.
>
> - my 2nd thought would be to have "ferm" as the descriptive
language or
> something similar. I have use it in the past to describe my firewall
> rules and I like its compactness a lot. especially since it now supports
> variable.  The drawback is that it requires "perl" which not
everybody
> might have on their machine.
>
> Any thoughts ?
Once we have a GUI, I consider the question of how the firewall is described=20
in the underlying text files to be largely irrelevant.

-Tom
--=20
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net