[isf-wifidog] FirewallRuleSets & User Classes

Scott Tully scott.tully at gmail.com
Mer 2 Mar 22:16:09 EST 2005


> The idea was to have the gateway download firewall rules from the gateway at
> startup, and use the ones in the config file as an override.
>

I don't understand. 

> > You said the group word... this got me in trouble in my original
> > server design.  I didn't think of it early enough.  I don't see any
> > grouping concept in your authserver, i wasn't aware you were going in
> > this direction. If so, we need to get a group_id/concept integrated
> > before proceeding.
>
> Well, integrating a group concept on a server based on a relational database
> is pretty simple if the groups are global and a group cannot be member of a
> group.  Slightly less so if we want to let the admin define their own groups.
> But I don't see a need for that.  A dozen or so well defined classed should
> meet everyone's need.  Then, we simply add a relationship table with three
> columns:
> 
> user
> group
> node
> 
> Now if we want it to be possible for a user to be in more than one group at
> the same time, it get's pretty hairy on the gateway side.
> 
> Anyway, there is defenitely more tought that needs to go into this, but it
> really isn't that complicated.

Your right.... creating the relationship is very simple.  however, it
adds _some_ complexity to the admin interface. But mostly just changes
the way you approach designing the interface, not so much more
difficult, just different.

Scott


Plus d'informations sur la liste de diffusion WiFiDog