Thread: Demand of PF CLI
View Single Post

   
  #6 (permalink)  
Old 02-16-2008, 06:27 AM
pakrat@localhost.private.neotoma.org
 
Posts: n/a
Default Re: Demand of PF CLI
On Wed, 23 Feb 2005 10:51:24 +0800 in <cvgsi9$2pst$1@news.hgc.com.hk> sam <sam.wun@authtec.com> wrote:
> pakrat@localhost.private.neotoma.org wrote:
>>
> The very basic feature of this pf cli is that it can take care of most
> of the filtering rule syntax, eg. put nat/rdr before all filtering
> rules, add flags S/SA keep state for all tcp, default to block all first
> before all "pass" rules, default to block finger printing scan, build
> classification of rules and each classification/table is written to a
> seperate rule file, etc...

Sounds point and grunt to me.

> Another feature is to build an easy interface for configuring CARP,
> pfsyn as well.

Sounds point and grunt to me.
And if it's point and grunt, wouldn't be a bad idea to make it easy
to slap a GUI on it and an insane policy management system (So
financial institutions can create monstrosities with it).

It's been my experience that such programmers can sometimes grasp a
documented library (or object class). They'll botch generating command lines.


--
Chris Dukes
Suspicion breeds confidance -- Brazil
Reply With Quote