Tuesday, August 24, 2004
firewalls

I've been building firewalls for people. If you've got the space, and a spare machine, it's simple. Well, not completely simple, you have to know how to install OpenBSD and configure the included packet filter (and DHCP, and NAT), but what you end up with is a firewall that can go toe to toe with any of the commercial firewalls out on the market. All for the price of a spare machine, a pair of NICs, and some elbow grease.

As an example, the one I just built is a pretty standard firewall. Block all unsolicited connections from the outside. Allow the machines inside the firewall to connect outside without restriction. The added twist was that they wanted to limit the times their teenage daughter can get to the internet. That was easy enough to do -- I use DHCP to tie her machine to a static IP, and then I use a cron job to swap the firewall rules between a set that allows her to connect, and a set that denies her connection. Using cron means I have a lot of flexibility in how her connectivity is scheduled. It was all pretty simple, and it works as advertised.

I've often wondered if this could be something I do for money -- installing and configuring firewalls for home/small office use.

11:14:26 AM
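The cron-driven rule swap described in the firewalls post, sketched as an added example (not the author's script). The address, file paths, `$int_if` macro and curfew hours are assumptions. It recomputes the wanted ruleset from the clock on every run so a reboot mid-curfew does not leave the wrong rules loaded, and it drops the blocked host's existing pf states, which otherwise keep already-open connections alive after the swap.

```shell
#!/bin/sh
# Added example, not the author's script. The address, file paths, macro
# name and curfew hours are all hypothetical.
KID_IP="192.168.1.50"             # assumed DHCP-reserved address
ALLOW_RULES="/etc/pf.conf.allow"  # assumed: the normal ruleset
DENY_RULES="/etc/pf.conf.deny"    # assumed: same rules plus one early block:
#   block in quick on $int_if from 192.168.1.50 to any

# desired_ruleset DOW HOUR -> prints "allow" or "deny".
# DOW is 1..7 (Mon..Sun, as from date +%u); HOUR is 00..23 (date +%H).
# Constructed schedule: Sun-Thu 16:00-21:00, Fri and Sat 10:00-23:00.
desired_ruleset() {
    dow=$1
    hour=$2
    case "$dow" in
        5|6) start=10; end=23 ;;
        *)   start=16; end=21 ;;
    esac
    if [ "$hour" -ge "$start" ] && [ "$hour" -lt "$end" ]; then
        echo allow
    else
        echo deny
    fi
}

# apply_ruleset STATE: load the matching file. On "deny", also kill the
# state entries originating from $KID_IP; pf checks existing state before
# the ruleset, so connections opened earlier would otherwise keep working.
apply_ruleset() {
    case "$1" in
        allow) pfctl -f "$ALLOW_RULES" ;;
        deny)  pfctl -f "$DENY_RULES" && pfctl -k "$KID_IP" ;;
        *)     echo "unknown state: $1" >&2; return 2 ;;
    esac
}

# Intended to run from root's crontab every few minutes, for example
# (script path is an assumption):
#   */5 * * * * /usr/local/sbin/curfew.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_ruleset "$(desired_ruleset "$(date +%u)" "$(date +%H)")"
fi
```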

RAD in Twisted

I've had a project brewing in my head for a week now, and Twisted seems to be the right way to do it. I want it to be a web-based application, and I wanted to be able to create it without having to dig too deeply into the Twisted documentation. I want to get started with a minimum of fuss.

Going through the Twisted tutorial was interesting, but felt a little beside the point. The program they write is a little contrived (as many example programs are), and felt like a bit of overkill for what I wanted to do. I just want to have a web server, and have some Python scripts in the docroot that get executed.

I think I've found the right way to do it... The web server that comes with Twisted can be configured to execute files in the docroot with the file extension ".rpy". So, rather than working through all of the tutorial, all I have to do is make a quick web server with the "mktap" command, and then start writing .rpy files. Very simple, very easy, and very quick to come up to speed.

Perhaps the people working on Twisted documentation (and anyone that writes useful documentation should be hailed as superheroes, doing the tasks that even programmers fear -- documentation) should come up with a "Busy Developer's Guide to Twisted"... Something that says "If you just want to write a quick web-based application, do this:"... "If you want to write a quick protocol handler, do this:" A lot of this is already present in the existing documentation, they just need a little bit of reorganization.

11:07:23 AM