Well, I'm at it again. I've started over, and this time I'm doing it right. I've been following the spec I wrote with Brent's suggestions (http://www.tlarson.com/fireconf) almost religiously. So far, I'm *very* impressed with the results.
The focus of this project is flexibility, embedability, and modularity. Parts of the program can be loaded and used by any other python app, and command line options allow you to do pretty much anything with or without interacting with the GUI. So far, I've written the backend (the module framework and the iptables stuff), with a sample module ("Set-up internet connection sharing").
What I'm wondering is if there are any specific suggestions you might have that should go into the framework of the app. Specifically, I've never written a module interface in python, and what I've got may or may not be the most optimal thing there is. Python handles a lot of stuff for you, so what I've come up with looks a lot like this:
def RunModule(module_name, firewall, **args): mod = __import__(module_name) return mod.Main(firewall, args)
--where "firewall" is an easy-to-use object that contains everything there is to know about the firewall--tables, chains, rules, etc. If someone has any logical reason why to use a different method, run it by me. Remember that in this tool, all the modules do is manipulate the firewall--answer queries, make changes, that kind of thing. Stuff like loading, saving, and activating a particular ruleset is handled by the framework.
Oh, and since the question invariably comes up--using an existing firewall configuration tool (sadly) isn't an option. None of the tools out there (firestarter and fwbuilder included) offer the required ability to integrate into existing configuration tools. There are other objections as well, search the archives if you're interested.
-- Fedora-config-list mailing list Fedora-config-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-config-list