system-config-firewall picking up slack where firestarter fell off

Adam Miller maxamillion at gmail.com
Fri Jun 12 13:54:00 UTC 2009


I've retired firestarter. I picked it up recently as it was orphaned,
but as we are moving towards PolicyKit and there's no upstream to
assist with the port, and after a discussion we had here on the list, I
decided it was time to retire it.

Now, with that being said, I have some users on the firestarter-users
mailing list that have some features they would like to request and I
wanted to pose a couple questions here in respect to their requests
and find out if others feel that these requests are feasible and/or
are even in the scope of system-config-firewall.

1) Cisco VPN
I don't use this myself but I was told it just needs these rules, so I
don't see a big issue here:
$IPT -A FORWARD -i $IF -o $INIF -p udp --dport 500 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $IF -o $INIF -p tcp --dport 500 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $IF -o $INIF -p 50 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $INIF -o $IF -p 50 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

2) Auto setup of "Internet Sharing", so autoconfig of dhcpd and
providing a bridge between WAN and LAN. This is one that I'm not
entirely sure is really in the scope of system-config-firewall
and might need to be its own utility.

Those are really the only two that have been reported to me, just
looking for advisement from the group before I go off and start trying
to hack something together.

Thanks,
-Adam

-- 
http://maxamillion.googlepages.com
---------------------------------------------------------
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments



