Re: Livingston vs. The real world.
Owen DeLong (owen@delong.sj.ca.us)
Sat, 1 Jun 1996 01:44:53 -0700
> >
> > Myself, I use PMconsole for filters so I can insert and move them
> > around easily, and use the command line for everything else 'cause
> > I can type faster than I click.
>
> (Broken record time:)
>
> I really can't understand why anyone would want to do configuration
> management of network devices through a GUI. Me, I want all
> configuration information in scripts so that I have it all in a
> stable, replayable state. The GUI is great for monitoring the device,
> but for configuration: create scripts and use pmcommand. If I have
> to swap out a portmaster (and it happens), I can get the new one
> configured in about a minute. Plus I can be confident that I
> haven't missed anything.
>
Alternative.... Use PMCONSOLE and PMREADCONF. Best of both worlds.
I'll tell you, that clone feature for setting up a whole bunch of ports
in PMCONSOLE is _REAL_ handy. Saves me writing a script generator and
works _REAL_ well. Once I've got it configured, I just pmreadconf it into
a binary file that can be applied as part of the Portmaster Install (use
pminstall to UPGRADE the pmreadconf file into the PM).
> Regarding filters: the single biggest improvement to managing filters
> would be a command that would get around the need for keeping filter
> rules numbered. A simple "append new rule to filter" would be great.
> It's a pain the butt to insert a filter rule into a script now,
> because the subsequent rules have to be renumbered. (An alternative
> would be to allow gaps in the numbers, but the "append new rule" wold
> be best.) Maybe there's already such a thing and I've missed it..
>
Unfortunately, there isn't. Additionally, since most of my filters end
in "deny log" it would be pretty useless to have the append capability.
It isn't too hard to teach perl to number filters in your script, though.
It's a little harder to teach sed. :-)
> -mm-
>
Owen