Re: Network configuration proposal: little summary
Rene Mayrhofer wrote:
> 5. Brian Basset had the objection that the ipmasq package already did
> some of what I am trying to do with my proposal. Yesterday I looked at
> the rule files processed by ipmasq and I saw some features that I really
> like (mostly the secure way of activating the firewall rules) and that I
> will take and implement (that's the good point with open source - you
> don't have to reinvent the wheel). But ipmasq is aimed at the
> experienced Unix user who knows how to read and interpret manual pages.
> Please correct me if I am wrong, but ipmasq only deals with activating
> already written ipchains (or ipfwadm) statements. This does not
> interfere with my activation tool that tries to write these for the
> user. I want to have an easy to learn but powerful "language" to write
> firewalling rules. These rules get translated into the correct ipchains
> statements. We could use my activation agent to write the rules and the
> ipmasq script to activate them. Is my assumption (without real knowledge
> ;-) ) about the purpose of ipmasq correct (I do not want to do things that
> have already been done)?
Well, it was more of a blatant plug than an objection. ipmasq is
designed as something someone can just install and it works (whether or
not this is the case is another matter), but also designed so that
someone who knows what they're doing can change anything they don't like
with a minimum of fuss. ipmasq's rules files are basically templates on
how to set up a specific masquerading policy on any setup.
I think we're talking about two totally separate things here. (Note
that this is not a bad thing.) It should be possible to use your
language to write something that would be translated into firewalling
commands, which could then be stuck in ipmasq .rul rules files (which
are, after all, only shell script snippets).