From owner-freebsd-security Fri Feb 18 17: 3:13 2000 Delivered-To: freebsd-security@freebsd.org Received: from cairo.anu.edu.au (cairo.anu.edu.au [150.203.224.11]) by hub.freebsd.org (Postfix) with ESMTP id 153B037BB46; Fri, 18 Feb 2000 17:03:02 -0800 (PST) (envelope-from avalon@cairo.anu.edu.au) Received: (from avalon@localhost) by cairo.anu.edu.au (8.9.3/8.9.3) id MAA17185; Sat, 19 Feb 2000 12:03:28 +1100 (EST) From: Darren Reed Message-Id: <200002190103.MAA17185@cairo.anu.edu.au> Subject: Re: `higer level' packet filter rules language/editor to ease maintainance? To: nox@jelal.kn-bremen.de (Juergen Lock) Date: Sat, 19 Feb 2000 12:03:28 +1100 (Australia/NSW) Cc: freebsd-security@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG In-Reply-To: <20000219003334.A1117@saturn.kn-bremen.de> from "Juergen Lock" at Feb 19, 2000 12:33:34 AM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In some mail from Juergen Lock, sie said: > > Hi! > > Is there such a thing as in the subject? Something that lets me, > say, put rules in groups, easily move around or clone groups, apply > global changes to groups like search/replace addresses/netmasks? > sure i can hack something up with a bit of perl/whatever for my > specific problem, but maybe there is something more general out > there... > > I currently need something for ipfw but even if what you use only > knows ipfilter (or something else?) i'd like to hear about it, > i may happen to like it so much that i'd just add ipfw > support... :) (as long as source is available, obviously.) > > I have seen `flc' that was linked on (i think) the ipfilter homepage > but decided to ask here first as it seems no longer maintained and > would need to be updated (its from 1995!) to at least add all the > ipfw features that are new since then. The idea to be able to > generate rules for several different packet filters from the same > input file certainly looked interesting tho and it would seem a > bit strange to assume that really noone uses it anymore... > (or is there a successor maybe?) I don't know if anyone else has done anything similar, I did it more as a "proof of concept" thing and haven't really gone back to it since then. Too many things to do and not enough time :) Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message