GUIDELINES firewall-easy


These are the main development guidelines I followed

* All scripts (bash, awk, perl)
    -> libc independence
    -> package runs the same in potato, woody or sid, no recompilation needed

* Easy of use
    -> shipped working and already configured for personal (home) use with
	    Internet connetion via phone (ppp0)
    -> easy config
	- minimum config
	- autoconfiguration of IP, mask and DNS
	- separate rules from config files:
	    firewall-easy.conf = only config and autodetection of IP/net/ifaces
	    firewall-easy-lib = only rules
	- try firewall-easy-lib vars to be language free
    -> easy rules file
	- same firewall rules independent from packet filtering used
	- rules with no flow control, just up to down
	- rules with $VARS autogenerating loops for several values
    -> easy to port to any firewall support
	- No separated chain for every interface
	- Forward = Input (2.4 iptables)
	- Minimum rules for only a specific kernel

* Packet filter independence (in fact autodetection and different scripts used)
    -> multikernel support

* Firewall only to Internet
    -> Confidence to local net