X-Original-To: alpine-devel@lists.alpinelinux.org
Delivered-To: alpine-devel@mail.alpinelinux.org
Received: from jeremythomerson.com (unknown [74.117.189.39])
	by mail.alpinelinux.org (Postfix) with ESMTP id 653FBDC1609
	for <alpine-devel@lists.alpinelinux.org>; Tue,  3 Jan 2012 17:45:41 +0000 (UTC)
Received: from mail-vx0-f182.google.com (mail-vx0-f182.google.com [209.85.220.182])
	by jeremythomerson.com (Postfix) with ESMTP id E560E1C929
	for <alpine-devel@lists.alpinelinux.org>; Tue,  3 Jan 2012 12:23:00 -0600 (CST)
Received: by vcbfk1 with SMTP id fk1so21852916vcb.13
        for <alpine-devel@lists.alpinelinux.org>; Tue, 03 Jan 2012 09:45:40 -0800 (PST)
Received: by 10.52.67.179 with SMTP id o19mr8082215vdt.106.1325612740220; Tue,
 03 Jan 2012 09:45:40 -0800 (PST)
X-Mailinglist: alpine-devel
Precedence: list
List-Id: Alpine Development <alpine-devel.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-devel+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-devel@lists.alpinelinux.org>
List-Help: <mailto:alpine-devel+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-devel+subscribe@lists.alpinelinux.org?subject=subscribe>
MIME-Version: 1.0
Reply-To: jeremy@thomersonfamily.com
Received: by 10.220.178.130 with HTTP; Tue, 3 Jan 2012 09:45:19 -0800 (PST)
In-Reply-To: <alpine.LFD.2.02.1112301354560.21584@kunkku.net>
References: <alpine.LFD.2.02.1112301354560.21584@kunkku.net>
From: Jeremy Thomerson <jeremy@thomersonfamily.com>
Date: Tue, 3 Jan 2012 12:45:19 -0500
Message-ID: <CADVmKVAZcc8QWmz_HLgOY_njSnaXyUt5NZp6oTpabf6Bwngexg@mail.gmail.com>
Subject: Re: [alpine-devel] Alpine Wall for firewall management
To: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Cc: alpine-devel@lists.alpinelinux.org
Content-Type: multipart/alternative; boundary=20cf307ca6307d964404b5a34407

--20cf307ca6307d964404b5a34407
Content-Type: text/plain; charset=ISO-8859-1

On Fri, Dec 30, 2011 at 9:08 AM, Kaarle Ritvanen <
kaarle.ritvanen@datakunkku.fi> wrote:

> Hello,
>
> We have a new firewall management framework under early development.
> Please check out the draft specification here and provide your comments:
>
> http://wiki.alpinelinux.org/**wiki/Alpine_Wall<http://wiki.alpinelinux.org/wiki/Alpine_Wall>
>
> BR,
> Kaarle
>

Not having looked through all of it in great detail, I have a question
about the following statement from the wiki:

> The back-end will contain functionality for domain name resolution. In the
> data model, hosts of groups thereof can be identified by their domain
> names. The back-end will resolve these to IP addresses, which will be
> stored in the target files, so there will be no need to resolve anything
> when activating the configuration during boot.
>
At what point does the back-end do the resolution?  It seems like it would
need to periodically update this since a firewall may run weeks, months, or
years with no change and name resolution could change periodically.  Will
it observe TTL?

Overall, the plan looks really good.  I'd be curious: will there be a CLI
for the functionality, or will it only be in ACF webapp?  I typically don't
use ACF on my Alpine boxes.  I assume without ACF I'll just need to modify
the Alpine Wall config files directly?

Thanks!
Jeremy Thomerson

--20cf307ca6307d964404b5a34407
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<br><div class=3D"gmail_quote">On Fri, Dec 30, 2011 at 9:08 AM, Kaarle Ritv=
anen <span dir=3D"ltr">&lt;<a href=3D"mailto:kaarle.ritvanen@datakunkku.fi"=
>kaarle.ritvanen@datakunkku.fi</a>&gt;</span> wrote:<br><blockquote class=
=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padd=
ing-left:1ex">

Hello,<br>
<br>
We have a new firewall management framework under early development. Please=
 check out the draft specification here and provide your comments:<br>
<br>
<a href=3D"http://wiki.alpinelinux.org/wiki/Alpine_Wall" target=3D"_blank">=
http://wiki.alpinelinux.org/<u></u>wiki/Alpine_Wall</a><br>
<br>
BR,<br>
Kaarle<br></blockquote><div><br>Not having looked through all of it in grea=
t detail, I have a question about the following statement from the wiki:<br=
><blockquote style=3D"margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(20=
4,204,204);padding-left:1ex" class=3D"gmail_quote">

<p>The back-end will contain functionality for domain name resolution. In
the data model, hosts of groups thereof can be identified by their
domain names. The back-end will resolve these to IP addresses, which
will be stored in the target files, so there will be no need to
resolve anything when activating the configuration during boot.
</p></blockquote><div>At what point does the back-end do the resolution?=A0=
 It seems like it would need to periodically update this since a firewall m=
ay run weeks, months, or years with no change and name resolution could cha=
nge periodically.=A0 Will it observe TTL?<br>

<br>Overall, the plan looks really good.=A0 I&#39;d be curious: will there =
be a CLI for the functionality, or will it only be in ACF webapp?=A0 I typi=
cally don&#39;t use ACF on my Alpine boxes.=A0 I assume without ACF I&#39;l=
l just need to modify the Alpine Wall config files directly?<br>

<br>Thanks!<br>Jeremy Thomerson<br>=A0</div></div></div><br>

--20cf307ca6307d964404b5a34407--


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---