Linux Netfilter discussions
From: /dev/rob0 <rob0@gmx.co.uk>
To: netfilter@lists.netfilter.org
Subject: Re: Request: Submission of Rulesets
Date: Wed, 24 Aug 2005 16:07:43 -0500
Message-ID: <200508241607.43943.rob0@gmx.co.uk>
In-Reply-To: <200508241314.37034.admin@buddhalinux.com>

On Wednesday 2005-August-24 13:14, Thomas Jones wrote:
> Abstract:

I readily admit that this is not a good day for me. I am not operating 
at full capacity, so to speak. But I have to say that this post made no 
sense at all to me. Is it just me? Did anyone else understand it? If 
so, can you explain it?

> The Security Document Initiative is an implementation of the domain
> of applied cryptography as it relates to XML Markup Language and the
> creation of a security infrastructure to protect information systems
> and resources.

I once saw an online automated generator of scholarly papers. It was 
hilarious! It used language just like this.

> This project is charged with developing a XML Document Type
> Definition document model that Netfilter rulesets can be validated
> against. Any document instance of the "Firewall Rule Subset" must be
> well-formed and comply with the structured XML Markup Language. This
> language is being designed to provide all VALID rule entries that are
> available under the netfilter framework.

Okay, I think I see a little substance here. The poster wants something 
which lists every possible valid netfilter rule. Right?

Unfortunately, the list of valid rules is almost infinite. And what's 
valid may vary in context: what's available in the kernel, other rules 
in the chain, et c. "iptables -I OUTPUT -j LOG" is a valid rule (rather 
unfortunate if the local syslogd is logging to a remote syslog server, 
as each packet generates another one ad infinitum), but only valid if 
the LOG target is available.

> This is where you the end-user come into play. Obviously, it would
> take me an untold number of days/weeks/months/years to construct a
> comprehensive and stable compilation of valid rules. The compilation

It's not even possible.

> of the rules and rulesets are a key step in this development process.
> Without, all representative rules and rulesets; a correct and valid
> netfilter rule will be deemed invalid under an improperly constructed
> document model. Thus, negating the purpose and intent of the SDI
> Firewall Rule Subset project.

Perhaps the purpose and intent of the SDI Firewall Rule Subset project 
should be reevaluated.
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header
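
The two context checks rob0's LOG example turns on (is the LOG target present in this kernel, and does an OUTPUT-chain LOG rule see the syslog daemon's own packets) as an added POSIX shell example; this is not code from the original thread or from the SDI project. The sample iptables-save dumps are constructed for the example, the /proc path is the one modular xt_LOG registers under, and the lint is a deliberately conservative heuristic that assumes remote syslog on port 514.

```shell
#!/bin/sh
# Added example, not from the original message or the SDI project.
#   1. is the LOG target actually registered in this kernel?
#   2. does an OUTPUT-chain LOG rule see the packets syslogd itself sends to
#      a remote server, so each log line produces one more packet to log?
# The sample rulesets below are constructed; the /proc path is a parameter so
# the check can be pointed at a constructed file as well.

# 1. Target availability. With a modular xt_LOG the target only shows up in
#    /proc/net/ip_tables_targets once the module is loaded; absent that line,
#    "-j LOG" fails at insert time no matter how well-formed the rule is.
log_target_available() {
    targets_file=${1:-/proc/net/ip_tables_targets}
    [ -r "$targets_file" ] && grep -qx LOG "$targets_file"
}

# 2. Feedback-loop lint over an iptables-save style dump. An unrestricted
#    "-A OUTPUT ... -j LOG" matches the UDP/514 datagrams syslogd sends to a
#    remote collector; each matched packet is logged, logged lines become new
#    datagrams, and so on. A LOG rule in OUTPUT is reported unless an earlier
#    OUTPUT rule already ACCEPTed or RETURNed port-514 traffic, or the LOG
#    rule itself carries "! --dport 514". Returns 1 if anything is reported.
#    (Assumption: remote syslog on port 514; TCP/514 or TLS/6514 setups need
#    the same guard on their own port.)
unsafe_output_log() {
    ruleset_file=$1
    awk '
        BEGIN { bad = 0; syslog_excluded = 0 }
        /^-A OUTPUT / {
            if ($0 ~ /--dport 514/ && $0 ~ /-j (ACCEPT|RETURN)/)
                syslog_excluded = 1
            if ($0 ~ /-j LOG/ && $0 !~ /! --dport 514/ && !syslog_excluded) {
                print "OUTPUT LOG rule precedes any syslog exclusion: " $0
                bad = 1
            }
        }
        END { exit bad }
    ' "$ruleset_file"
}

# Constructed dumps (iptables-save format); not taken from any real host.
bad_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -j LOG --log-prefix "out: "
COMMIT
EOF
}

# Same ruleset with the syslog traffic accepted before the LOG rule, so the
# collector's datagrams leave the chain without ever being logged.
good_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p udp --dport 514 -j ACCEPT
-A OUTPUT -j LOG --log-prefix "out: "
COMMIT
EOF
}

# Demo: lint both constructed dumps, then check the running kernel.
tmp=$(mktemp)
echo "--- unguarded ruleset:"
bad_ruleset > "$tmp"
unsafe_output_log "$tmp" || echo "loop risk: fix before loading"
echo "--- guarded ruleset:"
good_ruleset > "$tmp"
unsafe_output_log "$tmp" && echo "clean"
rm -f "$tmp"
if log_target_available; then
    echo "LOG target registered in this kernel"
else
    echo "LOG target not registered (or /proc not readable): -j LOG would fail"
fi
```

Run it as a normal user to see both dumps linted; the last line reflects the host's own kernel, so on a box without xt_LOG loaded (or without read access to /proc/net/ip_tables_targets) it reports the target as unavailable, which is exactly the "only valid if the LOG target is available" caveat from the message above.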


Thread overview: 9+ messages
2005-08-24 18:14 Request: Submission of Rulesets Thomas Jones
2005-08-24 21:07 ` /dev/rob0 [this message]
2005-08-24 22:25   ` Thomas Jones
2005-08-24 22:36     ` /dev/rob0
2005-08-24 22:48       ` Thomas Jones
     [not found]         ` <8d48b6ba050824174131a2bbd3@mail.gmail.com>
2005-08-25  0:42           ` Fwd: " Shannon Roddy
  -- strict thread matches above, loose matches on Subject: below --
2005-08-25 11:56 Derick Anderson
2005-08-25 14:35 ` Thomas Jones
2005-08-26 11:57 Derick Anderson
