nanog mailing list archives
Re: Firewalls - Ease of Use and Maintenance?
From: Jonathan Lassoff <jof () thejof com>
Date: Thu, 10 Nov 2011 08:30:46 -0800
On Wed, Nov 9, 2011 at 12:44 PM, Nick Hilliard <nick () foobar org> wrote:
> On 09/11/2011 19:07, C. Jon Larsen wrote:
>> put the main portion of the conf in subversion as an include file and
>> factor out local differences in the configs with macros that are
>> defined in pf.conf
>>
>> Easy.
>
> As I said, it's not a pf problem. Commercial firewalls will do all this
> sort of thing off the shelf. It's a pain to have to write scripts to do
> this manually.

Agreed. This is rather a pain to have to do manually each time (either scp'ing or scripting). It's unfortunate that there's not a conventional script or mechanism for doing this. I have plenty of scripts from past commercial work that do this, but they're sadly tied up license-wise.

I've had good luck, pf-wise, with creating a ruleset that is just identical between hosts. By keeping the interface naming/numbering scheme consistent across two hosts, the same configuration can just "work" on both.

Cheers,
jof
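
The layout discussed in this message, as an added illustration that is not taken from any participant's configuration: a small per-host pf.conf that defines macros and includes a shared ruleset kept in version control. The file paths, interface names, macro names and addresses are assumptions constructed for the example.

```conf
# ==== /etc/pf.conf on host fw1: per-host file ====
# Only the values that differ between hosts live here, as macros.
# Addresses are constructed (RFC 5737 documentation ranges).
ext_if   = "em0"              # same interface naming on every host
int_if   = "em1"
ext_addr = "192.0.2.10"       # a second host would set its own address
mgmt_net = "198.51.100.0/24"  # hypothetical management network

# Shared ruleset checked out from the repository (hypothetical path).
include "/etc/pf/common.conf"

# ==== /etc/pf/common.conf: identical on every host ====
# Refers only to macros, never to literal interface names or addresses,
# so the same file can be deployed unchanged to each firewall.
set skip on lo0
block log all
antispoof quick for $int_if
pass in on $ext_if inet proto tcp from $mgmt_net to $ext_addr port 22
pass in on $ext_if inet proto tcp to $ext_addr port { 80, 443 }
pass in on $int_if inet
pass out on $ext_if inet
```

Running `pfctl -nf /etc/pf.conf` on each host parses the per-host macros together with the include without loading the rules, which catches a macro that the shared file uses but a host does not define.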