A nicer way (as in less to code:) to do below would be to always require
a trusted host IP address, so that even if they mess up their rules, the
can as a last resort ssh to the server from that IP address, otherwise
are we not going to be looking at some type of logical paraser first to
detect rule conflicts? Fwbuilder.org has one for their gui so we could
learn from that if needed but I think that would massivly scale up the
project all of a sudden. Which would be a pain in the ass to code.
But then again, the API and UI should never allow them to mess up the
tales that bad that they cannot log into ther server.
AJ
On Wed, 2005-02-09 at 22:28 +0000, adam beecher wrote:
> BTW, I think it's very important to make sure that people don't lock
> themselves out of their servers by mistake, so I think we should definitely
> include some code (just `sleep`, presumably) to automatically deactivate the
> new firewall after a minute or so, so people can test it. Perhaps if the
> shell script loaded the fw like that by default, and to activate it properly
> you have to pass a flag, or even a password?
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
