Date: Tue, 13 Dec 2005 04:13:27 -0600 From: "Travis H." <solinym@gmail.com> To: freebsd-pf@freebsd.org Subject: Re: Firewall concepts Message-ID: <d4f1333a0512130213q25a533c6s1a5d30ec88232b62@mail.gmail.com> In-Reply-To: <AE41C3C123D61B45B457F3037275842F1E0996@DC-EX-001.evendi.local> References: <AE41C3C123D61B45B457F3037275842F1E0996@DC-EX-001.evendi.local>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/12/05, Marcus Franke <MFranke@evendi.de> wrote: > Sounds interesting, you have such a software that would compile > the actual ruleset for the local machine depending from textfiles > which could be stored on a single directory mounted from a controlling > server? > > For example, this is the way Windows works and fetches their policy > sets from domain controllers :) Yes, I have a general-purpose text preprocessor I can send you. Or you can use something like m4 although it is complicated. I would avoid using cpp because it has many C-specific assumptions last time I checked. If you "pull" the files from a central location, I recommend caching them locally in case that central location is unavailable.=20 Alternately, you can "push" the files to each computer using scp or rsync-over-ssh every time you make a change. There is a tradeoff between pull and push, mostly it depends on whether you want every client access *to* a server, or if you'd rather make every client allow connections *from* a single machine. -- http://www.lightconsulting.com/~travis/ -><- P=3DNP if (P=3D0 or N=3D1) "My love for mathematics is like 1/x as x approaches 0." GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d4f1333a0512130213q25a533c6s1a5d30ec88232b62>