On Sat, 2 Aug 2008, Stephen John Smoogen wrote:
> One of the items that I have to deal with at UNM is a long list of
> different firewalls and servers. I have Solaris(9,10), AIX(various),
> MacOSX(various), and SuSE(various), RHEL(2,3,4,5), and Fedora(7,8,9)
> to worry about with lots of different firewall needs for each one. As
> I am trying to standardize the firewalls... I run into that same
> headache everyone runs into at some point or another... How does one
> organize the various different firewalls in both the VCS and the
> upcoming configuration management system... while perfect is the enemy
> of the good.. what is a good way of doing it as I see way too many ways
> of laying it out in file structure.
>
> firewalls/project/OS/system
> project/firewall/OS/system
> OS/firewall/project/system
> OS/system/project/firewall
>
> etc etc etc. with some other // items added. Any ideas?

Hmmm, well. My initial thought for the standard was to focus explicitly
on Red Hat family type stuff which could mean the rest of that is not
compliant. Even in the RH family type stuff I'm not quite sure the best
way to manage firewalls. We're doing them with puppet templates right now
but our firewall rules are fairly simple.
Perhaps the firewall standard could explicitly focus on iptables to at
least not be RH specific but trying to write up something for a lot of
different types of firewalls seems a bit out of scope for CSI.
-Mike