--=-97YF284NV6yShaPqFwb/
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
I have to say Shorewall is the closest in my mind to a perfect iptables
firewall generation script. Thanks Tom for a great product.
2 things that could make it even better in my mind:
- instead of using service acronym (don''t know how to call it
differently) for rules, it would be great to be able to use service
definition a la "RCF" see: rcf.mvlan.net. People could contribute code
for each service definition (server or client), therefore making it very
easy to create a secure but extensible firewall.
- my 2nd thought would be to have "ferm" as the descriptive language
or
something similar. I have use it in the past to describe my firewall
rules and I like its compactness a lot. especially since it now supports
variable. The drawback is that it requires "perl" which not everybody
might have on their machine.
Any thoughts ?
Pascal
--=-97YF284NV6yShaPqFwb/
Content-Type: text/html; charset=utf-8
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html;
CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/1.0.1">
</HEAD>
<BODY>
I have to say Shorewall is the closest in my mind to a perfect iptables firewall
generation script. Thanks Tom for a great product.
<BR>
<BR>
2 things that could make it even better in my mind:
<BR>
<BR>
- instead of using service acronym (don''t know how to call it
differently) for rules, it would be great to be able to use service definition a
la "RCF" see: rcf.mvlan.net. People could contribute code for
each service definition (server or client), therefore making it very easy to
create a secure but extensible firewall.
<BR>
<BR>
- my 2nd thought would be to have "ferm" as the descriptive
language or something similar. I have use it in the past to describe my firewall
rules and I like its compactness a lot. especially since it now supports
variable. The drawback is that it requires "perl"
which not everybody might have on their machine.
<BR>
<BR>
Any thoughts ?
<BR>
<BR>
Pascal
</BODY>
</HTML>
--=-97YF284NV6yShaPqFwb/--