Request for features
btricha at gmail.com
Mon Oct 13 10:57:23 EDT 2008
Edmond told me he got to see a demo of APT with ANTFARM integrated...
sweet! I'm glad you guys decided to use it.
As for your requests, ANTFARM was designed the way it was so
users/developers could write and customize their own scripts to fit
their particular needs. As such, I think 2 of your feature requests
below could be accomplished by modifying existing scripts to suite
your needs. I don't mind helping you do that when you have questions,
but unfortunately I don't have the time to implement them for you.
It looks like request 1 and 2 could be handled with custom scripts.
As you pointed out, 3 would possibly require a schema change, and 4
might require one as well.
For request 3, are you simply needing a boolean status of the IP
interface object? As for request 4, I'm thinking I might add a
'notes' column or something of that sort to all the tables in the
database and developers of scripts can elect to use that column
however they like. For example, you could store interface description
data in this field and use it at a later date.
Would this fit your needs or am I overlooking something?
P.S. disregard the unfinished email I sent to your personal address. :/
On Fri, Oct 10, 2008 at 9:07 AM, Sankalp Singh <sankalp at uiuc.edu> wrote:
> Hi Bryan,
> We had a few requests for new features for ANTFARM. I had sent this
> message earlier, but used an account not subscribed to the mailing list
> -- apologies if anyone receives multiple copies :)
> 1. Handle "name" command for PIX/ASA:
> This command is used to associate a text name with an IP address. We
> would like to see the addresses specified in the name command added to
> list of hosts (probably in the parse-pix-config.rb script). More
> information on this command:
> 2. Handle IP addresses mentioned in the "access-list" commands for PIX/ASA:
> Currently, the parse-pix-config script does not seem to look at the
> host addresses mentioned as the source or destinations in the access-
> list commands. More information on this command:
> 3. Handle the global IP addresses mentioned in the "static" commands:
> The global IP addresses in the static commands typically refer to sort
> of virtual hosts, rather than actual physical devices. As such, it
> would be great if a field could be added to the database schema
> indicating the virtual status of an address. This field will set for
> the global IP addresses found in the static commands. We will then be
> able to choose not show these hosts in our XML topology based on that
> field. More information on the static command:
> 4. Handling the "description" command (part of the "interface" context)
> and using it to determine when to merge networks:
> This is a part of a larger problem on how to determine when it is
> appropriate to merge two networks connected to different firewalls.
> The idea is that the description command can be used to annotate the
> firewall interfaces (and by inference, the networks connected to those
> interfaces), and merge two such networks only if they have similar/
> same descriptions. E.g., only merge when both descriptions contain the
> keyword "corporate".
> More information on the interface command:
> More information on the description command:
> Please let us know if you can add any/some of these features, or if
> you would like more clarification.
> ANTFARM-users mailing list
> ANTFARM-users at rubyforge.org
More information about the ANTFARM-users