fw rules critique?

der.hans PLUGd@LuftHans.com
Mon, 17 Apr 2000 21:52:31 -0700 (MST)


On Mon, 17 Apr 2000, Craig White wrote:

> OK I'll byte...
> 
> 1. don't you need to declare the 'override vars' before the host
> declarations if they are to be used?

Actually they are. The override_vars f(x) is called at the beginning of
where the script actually starts and the host_declaration is called almost
at the end when masking is setup. I placed the f(x)s out of order to put
the most likely to be edited stuff at the top :).

> 2. why not have 1 or 2 logging levels as variables (have you tested how much
> this script will end up logging on an @home connection?)...variables loglev1
> & loglev2 and set them both to "-l" or "" as desired.

Because I haven't gone that far with it :). I want to make sure my rules
are solid, then I'll worry about logging. In any case I prefer to log
everything and then use grep or some other tools to read the logs :).

> 3. need other modprobes such as ip_raudio

OK, I'll add it. Never heard of it, though :). Anything else?

> 4. flow & programming is elegant but tough for beginners to understand.

True. Not really well organized anyway, but if I improve comments that
should be enough for beginners.

> 5. lastly, no instructions on how to execute - i.e. add to rc.local (I
> assume that's what you have in mind for startfw) or a more elegant script
> for /etc/rc.d/init.d which is added via chkconfig to levels 345.

Put 'em in /root/bin, then run /root/bin/startfw :).

I have a different set of automagic rules for boot because if I'm not on
the console at boot time I don't want any network traffic to be allowed
:). For others I will need to be doing something like what you're
suggesting :).

ciao,

der.hans
-- 
#  der.hans@LuftHans.com   home.pages.de/~lufthans/   www.OpNIX.com
#  When I work, I work hard. When I play, I play hard.
#  When I sit, I sleep. - Embe Kugler
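As an added illustration of the script structure discussed above (this is example code, not der.hans's script or Craig's): an ipchains-style firewall script whose most-edited variables sit at the top, whose override_vars() is called first and host_declarations() last, and whose logging is switched per rule through LOGLEV1/LOGLEV2 set to "-l" or "". Interface names and the 192.168.1.0/24 LAN are constructed sample values; DRYRUN=1 (the default here) prints the ipchains commands instead of executing them so the rule set can be reviewed without root, and the case block at the bottom is the start/stop entry point an /etc/rc.d/init.d script registered with chkconfig would use.

```shell
#!/bin/sh
# chkconfig: 345 09 91
# description: example ipchains firewall (added example, not the thread's script)

IPCHAINS=${IPCHAINS:-/sbin/ipchains}
DRYRUN=${DRYRUN:-1}          # 1 = print commands only (assumption for review/testing)

# Logging levels as variables: "-l" makes ipchains log matches, "" keeps it quiet.
LOGLEV1="-l"                 # denied packets: log them, grep the log later
LOGLEV2=""                   # accepted packets: too chatty on a cable-modem link

# Defined first because it is the part most likely to be edited,
# but it is only *called* at the start of startfw().
override_vars() {
    EXT_IF=${EXT_IF:-eth0}               # constructed sample values
    LAN_IF=${LAN_IF:-eth1}
    LAN_NET=${LAN_NET:-192.168.1.0/24}
}

# Runs one ipchains command, or echoes it when dry-running.
run() {
    if [ "$DRYRUN" = 1 ]; then
        echo "$IPCHAINS $*"
    else
        "$IPCHAINS" "$@"
    fi
}

base_rules() {
    run -F                               # flush every chain
    run -P input DENY                    # default-deny inbound
    run -P forward DENY
    run -P output ACCEPT
    run -A input -i lo -j ACCEPT
    # Anti-spoofing: LAN addresses must never arrive on the external interface.
    run -A input -i "$EXT_IF" -s "$LAN_NET" -j DENY $LOGLEV1
    # LAN hosts are trusted; accepted quietly.
    run -A input -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT $LOGLEV2
    # Non-SYN TCP from outside: replies to connections we opened.
    run -A input -i "$EXT_IF" -p tcp ! -y -j ACCEPT $LOGLEV2
    # Everything else from outside is logged and dropped.
    run -A input -i "$EXT_IF" -j DENY $LOGLEV1
}

# Called last, when masquerading for the LAN is set up.
host_declarations() {
    run -A forward -i "$EXT_IF" -s "$LAN_NET" -j MASQ
}

startfw() {
    override_vars
    base_rules
    host_declarations
}

stopfw() {
    run -F
    run -P input ACCEPT
    run -P forward ACCEPT
}

case "${1:-}" in
    start) startfw ;;
    stop)  stopfw ;;
    *)     : ;;                          # no argument: functions only (e.g. when sourced)
esac
```

Running `DRYRUN=1 sh startfw start` prints the full rule list for review; each DENY line ends in `-l` and the ACCEPT lines do not, which is the per-rule logging switch the thread asks for. Changing LOGLEV2 to "-l" turns on logging of accepted traffic without touching any rule.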