<html>
Some interesting ideas. Im taking notes...<br>
<br>
I havnt realeased any source code yet because currently the program
is<br>
so short that it would be too easy for someone to "take the code and
run<br>
with it". Large projects protect the author of the code in a sense
that there<br>
are potentially so many lines of code its more economical to pay
for<br>
support than to reverse engineer somone's ideas.<br>
<br>
The "core" of my firewall is about 600 lines of code including
the multithreading<br>
and queueing. The remaining 600 lines just parse the config file in a
fancy<br>
way. The parser will tell you exactly where made a bo-bo in the config
file<br>
(i got carried away with my parsing code). As it turns out, firewalling
and<br>
the packet queueing stuff that Cisco or any other company
implements<br>
is not hard, nor is it complex stuff, and they charge way too much<br>
for it. I love it when my company brings Cisco or Nortel in and they talk
about<br>
their network software or hardware and how they do certain things. I
use<br>
their ideas to come up with my own stuff to do in Linux. Big companies
stay<br>
away from Linux which means my ideas have no competition from big<br>
software companies. :)<br>
<br>
I have a curses based "monitor" to watch some stats from the
command<br>
line and a couple of cgi programs to do the web stuff. Each of those
progs<br>
are only a couple hundred lines each.<br>
<br>
I intend to release the code eventually (when it get big enough and
the<br>
feature set it refined), most likely under the GPL. Have to admit that
its a<br>
new area for me to get into...<br>
<br>
If anyone has any experience with pariticipating in linux
development<br>
"projects" I'd be interested in hearing any tips on how to
manage<br>
one (assuming I have the time).<br>
<br>
Jason<br>
<br>
<br>
<br>
At 08:11 PM 11/18/00 -0600, you wrote:<br>
>Another great feature would be to have packets matching a certain
rule to<br>
>get passed to a plugin for processing. For example, PPTP packets
could get<br>
>passed to a plugin that replaces the internal IP with the external
one on<br>
>the way out, and vice-versa on the way in. <br>
><br>
>What would be even better is multiple interface support, where you
assign<br>
>each interface a different security level. The outside interface
would be<br>
>0, and the inside would be 100. DMZ's could be anything in between.
By<br>
>default, higher security levels would be able to get to lower ones,
but not<br>
>the other way around. Adding this support and NAT capabilities would
make<br>
>it have the same functionality as a cisco PIX firewall (except for
the PPTP<br>
>thing).<br>
><br>
>Maybe it's time to whack your code up on sourceforge.net and start
a<br>
>project. Once it's up and working properly, you give the code away
under<br>
>the GPL, but charge for support services if businesses need them.
This is<br>
>how the makers of MySQL and Bind make their money. I don't know yet
if<br>
>Oracle is free for commercial use, but they were throwing around the
idea<br>
>since 70% of their revenue is generated from support contracts and
calls.<br>
>If you could fit the project on a boot floppy, and make a nice
command line<br>
>interface, you'd make a very nice free alternative to very
expensive<br>
>commercial firewalls.<br>
><br>
>Jay<br>
><br>
<BR>
</html>