
List:       openbsd-pf
Subject:    Re: Re[2]: persist tables & hearbeat
From:       "Karl O. Pinc" <kop () meme ! com>
Date:       2005-12-27 15:45:29
Message-ID: 1135698329l.27149l.6l () mofo


On 12/27/2005 01:58:00 AM, Sylwester S. Biernacki wrote:

> no, no, no. I didn't mean to make it so. I tried to tell that
> good software should be written in one language and in our case (PF +
> monitoring software) it should be the best if such monitoring software
> was strictly connected with PF.
> Don't you think so?

By that logic all Un*x daemons are "unprofessional" as they're started,
stopped, reconfigured, and generally controlled by
a program (rc, particularly the sys V init.d scripts that are packaged
with the daemons) not written in the same language.  Or syslog
is "cheezy" because it's using a unix socket instead of an
API to communicate between client and server.

The exact opposite is true.  You want loose coupling between
components that do different things, each component doing
one thing well.   You do not want one giant program that
does everything, although the corporate software world wants
to sell you one.

> Firstly:
> your script has to be run with root privilege.

And why is this a bad idea?  It is modifying the kernel's
firewall state.  It's safer to have something running as
root messing with the kernel than a userland program
messing with the kernel.

Now, you may want something with documentation that uses
configuration files so as to hide all possible implementation
details from people whom it would only confuse.  That is
a different matter.  But to do something simple, use a simple
tool.  And if it's simple enough it should not be hard for
you to document in a form suited to your situation.
If nagios is overkill, choose another heartbeat tool and
use it instead.  If that's too much use ping (hping, nc, etc.)
and script it. With the wealth of choices available pf does not
need to provide "the one true way".

Karl <kop@meme.com>
Free Software:  "You don't pay back, you pay forward."
                  -- Robert A. Heinlein
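
The "use ping and script it" approach from the message above, as an added example that is not part of the original post or from its author. The table name `alive`, the sample addresses, the miss threshold and the state directory are assumptions.

```shell
#!/bin/sh
# Ping heartbeat that keeps a pf table in sync (added example).
# Assumed, not from the thread: table name, host list, state directory.
# pf.conf would declare the table, e.g.:  table <alive> persist
# pfctl modifies kernel firewall state, so run this as root (e.g. from cron).

TABLE="${TABLE:-alive}"
HOSTS="${HOSTS:-192.0.2.10 192.0.2.11}"        # constructed sample addresses
FAILS_NEEDED="${FAILS_NEEDED:-3}"              # consecutive misses before removal
STATE_DIR="${STATE_DIR:-/var/run/pf-heartbeat}"

# One ICMP echo with a 2 second wait; returns 0 if the host answered.
probe() { ping -c 1 -w 2 "$1" >/dev/null 2>&1; }

# Thin wrapper so the pfctl call lives in exactly one place.
table_op() { pfctl -q -t "$TABLE" -T "$1" "$2"; }

# Probe one host, track consecutive misses, and print the action taken.
check_host() {
    host=$1
    mkdir -p "$STATE_DIR"
    counter="$STATE_DIR/$host"
    if probe "$host"; then
        rm -f "$counter"                       # any answer resets the count
        table_op add "$host" && echo "up $host"
    else
        misses=$(( $(cat "$counter" 2>/dev/null || echo 0) + 1 ))
        echo "$misses" > "$counter"
        if [ "$misses" -ge "$FAILS_NEEDED" ]; then
            table_op delete "$host" && echo "down $host"
        else
            echo "miss $host $misses"          # below the threshold, keep entry
        fi
    fi
}

# Invoke as "sh heartbeat.sh run"; sourcing the file only defines functions.
if [ "${1:-}" = "run" ]; then
    for h in $HOSTS; do check_host "$h"; done
fi
```

Requiring several consecutive misses keeps one dropped packet from pulling a host out of the table; rules that reference `<alive>` pick up each change without a ruleset reload.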
