A couple of meetings ago someone mentioned the tool pyroman[0] in regard to
managing the firewalls on our infrastructure. Since then, I've been playing
around with this tool, and have been fairly impressed.
I've imported pyroman 0.3 along with a _basic_ Fedora infrastructure profile
into cvs. I've added all of our PHX machines listed on InfrastructurePrivate,
and added some other minor tweaks. It's not 100% ready for deployment yet,
it still needs:
o to allow traffic to most services on our machines
o profiles for our machines at Duke
o to be compared against our current rc.firewall script
- I've ported over most of it (the stuff I could actually
understand), but there might be some stuff I missed
o LOTS of testing
The more testing and the more eyes we can get on this, the better. You should
be able to hop on any machine and check it out of cvs:
cvs -d cvs-int.fedora.phx.redhat.com:/cvs/fedora co pyroman
From here, you can run `./pyroman --dump`, which will spit out all of the
chains instead of just trying to load them.
Hack away, infrastructure ninjas!
luke
[0]: http://pyroman.alioth.debian.org
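Added example for the "compare against our current rc.firewall script" item above. This script is not part of pyroman or of the checked-in profile; it diffs two iptables rule dumps chain by chain, ignoring option order within a rule but flagging rule-order changes (first match wins). It assumes both inputs are in iptables-save syntax, which is what `iptables-save` prints on a box still running rc.firewall; whether `./pyroman --dump` emits exactly that syntax is an assumption, so if it does not, load the pyroman rules on a test box and feed `iptables-save` output instead. The sample rule sets in the block are constructed, not taken from any of our machines.

```python
#!/usr/bin/env python
"""Diff two iptables rule dumps, chain by chain.

Added example for comparing a pyroman-generated rule set with the rules
rc.firewall currently loads.  Not part of pyroman.  Assumes iptables-save
syntax for both inputs (an assumption about pyroman's dump format).
"""
import shlex
from collections import defaultdict


def normalize(tokens):
    """Canonical key for one rule: group each option with its arguments and
    sort the groups, so `-p tcp -j ACCEPT` and `-j ACCEPT -p tcp` compare
    equal.  A leading `!` stays attached to the option it negates."""
    groups = []
    negate = False
    for tok in tokens:
        if tok == "!":
            negate = True
        elif tok.startswith("-"):
            groups.append(("! " if negate else "") + tok)
            negate = False
        elif groups:
            groups[-1] += " " + tok
        else:
            raise ValueError("argument without option: %r" % tok)
    return " ".join(sorted(groups))


def parse_rules(text):
    """Return {table: {chain: [(key, original_line), ...]}}.  A chain's policy
    becomes a pseudo-rule so a policy change (ACCEPT -> DROP) is reported."""
    rules = defaultdict(lambda: defaultdict(list))
    table = "filter"  # default for bare rule lists without a '*table' line
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            rules[table][chain].append(("POLICY " + policy, line))
        elif line.startswith("-A "):
            parts = shlex.split(line)
            rules[table][parts[1]].append((normalize(parts[2:]), line))
    return rules


def diff_rules(old_text, new_text):
    """List (kind, table, chain, line) tuples: rules only in the old set,
    rules only in the new set, and chains with the same rules in a different
    order (order matters: the first matching rule wins)."""
    old, new = parse_rules(old_text), parse_rules(new_text)
    report = []
    for table in sorted(set(old) | set(new)):
        chains = set(old.get(table, {})) | set(new.get(table, {}))
        for chain in sorted(chains):
            a = old.get(table, {}).get(chain, [])
            b = new.get(table, {}).get(chain, [])
            a_keys = [k for k, _ in a]
            b_keys = [k for k, _ in b]
            for key, line in a:
                if key not in b_keys:
                    report.append(("only_in_old", table, chain, line))
            for key, line in b:
                if key not in a_keys:
                    report.append(("only_in_new", table, chain, line))
            if sorted(a_keys) == sorted(b_keys) and a_keys != b_keys:
                report.append(("reordered", table, chain, ""))
    return report


# Constructed sample input (made up for this example, not from a real host).
OLD_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT ! -s 10.0.0.0/8 -p tcp --dport 3306 -j DROP
COMMIT
"""

NEW_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j ACCEPT -p tcp --dport 22
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: rulediff.py old.rules new.rules
        old, new = (open(p).read() for p in sys.argv[1:3])
    else:
        old, new = OLD_RULES, NEW_RULES
    for kind, table, chain, line in diff_rules(old, new):
        print("%-12s %s/%s %s" % (kind, table, chain, line))
```

Run it with the rc.firewall box's `iptables-save` output as the first argument and the pyroman rules as the second; every `only_in_old` line is a service the new profile would silently cut off, which is the list the "allow traffic to most services" item needs.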