Re: [Fwbuilder-discussion] FW-Builder API...
Brought to you by:
mikehorn
From: Jerry W. <je...@we...> - 2006-04-25 11:13:01
|
On Monday 24 April 2006 20:29, Vadim Kurland =E2=9C=88 wrote: > On Apr 24, 2006, at 10:59 AM, Jerry Westrick wrote: > > On Monday 24 April 2006 18:39, Vadim Kurland =E2=9C=8D wrote: > >> On Apr 24, 2006, at 6:11 AM, Jerry Westrick wrote: > >>> Hello Everybody.... > >>> > >>> > >>> Can you use all FWBuilder functions via the API? > > > > <snip> > > > >>> Jerry > >> <snip> > >> You can also look at the fwbedit utility in the fwbuilder 2.1, we've > >> added ability to create objects in it so one could do this just by > >> calling this simple command line tool. You need to check the latest > >> code out of cvs to look at 2.1 code. > >> <snip> > > fwbedit sounds like just what I need... > > but you still need to add rules ... Fwbedit does not do that, it was > intended as a simple command-line tool to manage objects. There were > requests from users for a way to add objects in bulk, say, from a > spreadsheet or some configuration file they could parse. > > --vk Okay, but I think I can get around that as follows: The firewall will be pre-configured with rules. The configuration is done b= y=20 using the pre-defined rules based the following service groups: Service Group Description Ext2Srv Services (ports) Allowed From Internet to Server Ext2Lcl Services (ports) allowed from Internet to Local Network Lcl2Ext Services (ports) allowed from Local network to Internet Lcl2Srv Services (ports) allowed from Local Network to Server Client2Srv Serives (ports) allowed from Client Pc's to Server Srv2Ext Services (ports) allowed from Server to Internet Srv2Lcl Services (ports) allowed from Server to Local Network Then with fwbedit I can just need to add the posts to the correct predefine= d=20 group, and recompile... Does this sound feasible? Note: This is not meant to replace the fwbuilder gui, but as a method of=20 transition from the SUSE firewall definitions to fwbuilder... I still ain't figured out how SUSE yast will work with fwbuilder after the= =20 transition, but, one step at a time... Jerry |