Firewall concepts
Travis H.
solinym at gmail.com
Tue Dec 13 02:13:29 PST 2005
On 12/12/05, Marcus Franke <MFranke at evendi.de> wrote:
> Sounds interesting, you have such a software that would compile
> the actual ruleset for the local machine depending on textfiles
> which could be stored on a single directory mounted from a controlling
> server?
>
> For example, this is the way Windows works and fetches their policy
> sets from domain controllers :)

Yes, I have a general-purpose text preprocessor I can send you. Or
you can use something like m4, although it is complicated. I would
avoid using cpp because it had many C-specific assumptions last time I
checked.

If you "pull" the files from a central location, I recommend caching
them locally in case that central location is unavailable.

Alternatively, you can "push" the files to each computer using scp or
rsync-over-ssh every time you make a change. There is a tradeoff
between pull and push; mostly it depends on whether you want every
client to have access *to* a server, or if you'd rather make every client
allow connections *from* a single machine.

--
http://www.lightconsulting.com/~travis/ -><- P=NP if (P=0 or N=1)
"My love for mathematics is like 1/x as x approaches 0."
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
More information about the freebsd-pf
mailing list
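
The "pull" approach with a local cache described in the message above, as an added example that is not part of the original post: a new copy replaces the cache only after it has been fetched completely and parsed cleanly, so an unreachable server or a broken ruleset leaves the last known-good rules in place. The `FETCH` and `CHECK` hooks, the function name, and the host and paths in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pull a pf ruleset from a central host, keep a local cache.
# FETCH and CHECK are overridable hooks (assumptions of this example) so the
# logic can be exercised without scp or pfctl.
: "${FETCH:=scp -q}"       # copies SOURCE to DEST over ssh
: "${CHECK:=pfctl -nf}"    # pfctl -n parses a ruleset without loading it

# pull_ruleset SOURCE CACHE
# Prints "fresh" when a new copy was fetched and validated, "cached" when the
# central copy was unavailable or invalid and the older copy is kept.
# Returns 1 only when no usable ruleset exists at all.
pull_ruleset() {
    src=$1
    cache=$2
    # Temp file next to the cache so the final mv is an atomic rename.
    tmp=$(mktemp "${cache}.XXXXXX") || return 1
    if $FETCH "$src" "$tmp" 2>/dev/null && [ -s "$tmp" ] \
        && $CHECK "$tmp" >/dev/null 2>&1; then
        mv -f "$tmp" "$cache"
        echo fresh
        return 0
    fi
    # Fetch failed, file empty, or syntax check failed: discard the new copy.
    rm -f "$tmp"
    if [ -s "$cache" ]; then
        echo cached
        return 0
    fi
    return 1
}

# Usage (host and paths are placeholders):
#   pull_ruleset fwadmin.example.net:/rules/pf.conf /var/db/pf.conf.cache \
#       && pfctl -f /var/db/pf.conf.cache
```

Run from cron, this gives each client the fallback behaviour the message recommends; logging the "cached" result is a cheap way to notice a client that has stopped receiving updates.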