[isf-wifidog] FirewallRuleSets & User Classes
Benoit Grégoire
bock at step.polymtl.ca
Wed 2 Mar 21:56:25 EST 2005
> Yes, we would need a web ui to set the firewall rules so we might as
> well use the authserver... why have two ui's... I did the same thing
> for the zonecd. I added a "reload" parameter to the init script to
> wget the updated config from the server. We should probably use a
> separate .conf for the firewall rules altogether ??
The idea was to have the gateway download firewall rules from the gateway at
startup, and use the ones in the config file as an override.
> You said the group word... this got me in trouble in my original
> server design. I didn't think of it early enough. I don't see any
> grouping concept in your authserver, I wasn't aware you were going in
> this direction. If so, we need to get a group_id/concept integrated
> before proceeding.
Well, integrating a group concept on a server based on a relational database
is pretty simple if the groups are global and a group cannot be a member of a
group. Slightly less so if we want to let the admin define their own groups.
But I don't see a need for that. A dozen or so well defined classes should
meet everyone's need. Then, we simply add a relationship table with three
columns:
user
group
node
Now if we want it to be possible for a user to be in more than one group at
the same time, it gets pretty hairy on the gateway side.
Anyway, there is definitely more thought that needs to go into this, but it
really isn't that complicated.
> > Lots of ideas. We (I?) need focus. Maybe I'm just rambling after a long
> > day of sugar rushes and caffeine.
>
> Focus would be good... who's who working on the dog anyway? I don't
> know who does what programming, etc..
Gateway: Mostly Alex, Mina, Philippe and Pascal
Auth server: Mostly me, Philippe and Pascal
--
Benoit Grégoire, http://benoitg.coeus.ca/
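
The three-column relationship table described in the message above, as an added example that is not part of the original message or of the WiFiDog code base. Table, column and class names are assumptions made for illustration; the primary key on (user, node) encodes the "one group at a time" case that keeps the gateway side simple, and the fallback class is likewise assumed.

```python
import sqlite3

# Assumed schema: names are illustrative, not WiFiDog's own.
SCHEMA = """
CREATE TABLE user_classes (           -- small, fixed, global set of classes
    class_id TEXT PRIMARY KEY
);
CREATE TABLE user_class_membership (  -- the three-column relationship table
    user_id  TEXT NOT NULL,
    class_id TEXT NOT NULL REFERENCES user_classes(class_id),
    node_id  TEXT NOT NULL,
    PRIMARY KEY (user_id, node_id)    -- at most one class per user per node
);
"""

DEFAULT_CLASS = "guest"  # assumed fallback for a user with no row at a node


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite ignores REFERENCES otherwise
    db.executescript(SCHEMA)
    # Constructed sample classes; admins cannot define their own.
    db.executemany("INSERT INTO user_classes VALUES (?)",
                   [("guest",), ("member",), ("node_admin",)])
    return db


def assign(db, user_id, class_id, node_id):
    """Record a membership; return False if a constraint rejects it."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute("INSERT INTO user_class_membership VALUES (?, ?, ?)",
                       (user_id, class_id, node_id))
        return True
    except sqlite3.IntegrityError:
        return False


def class_for(db, user_id, node_id):
    """The single class that selects the firewall rule set at this node."""
    row = db.execute(
        "SELECT class_id FROM user_class_membership "
        "WHERE user_id = ? AND node_id = ?", (user_id, node_id)).fetchone()
    return row[0] if row else DEFAULT_CLASS
```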