sunscreen command line syntax

From: Chris Hoogendyk (hoogendyk@bio.umass.edu)
Date: Wed May 11 2005 - 17:11:50 EDT


I've spent a couple of days reading through sunscreen documentation
online, playing with "ssadm edit ...", skimming throught various
people's tutorials and guides, ...

I can't help thinking that the documentation never got user tested by
someone who didn't already know it. So, although this sounds elementary,
I just haven't been able to find an explanation of the two sets of curly
braces in the following:

# ssadm edit Initial
edit> add address "name" GROUP { } { }

   or

edit> list addresses
"eri0.net" RANGE 192.168.54.0 - 192.168.55.255
"server7_eri0" GROUP { } { }

with the GROUP form of address there always seems to be two sets of
braces at the end. Sometimes there are values in the left one, sometimes
in the right one, sometimes both, sometimes neither.

neither the man pages (e.g. "man ssadm-edit") nor the online
documentation (even appendix b of the admin overview that addresses the
command line interface) explain what the significance of these are,
whether there is a difference between the first and second, or why I
would need an empty set. It leaves me feeling edgy about jumping in and
activating a firewall on an active server, even though I feel I
understand most of it and am otherwise comfortable with the command line
interface.

---------------

also, I have a server that I had sunscreen running on, then I changed
the server's name and ip address and put it into production. I had to
turn sunscreen off, because it broke my ssh connections after the
identity change and I couldn't find where to change the identity within
sunscreen -- or is the name irrelevent, and all I need to do is change
the address? I just did a "/etc/init.d/sunscreen stop". Next reboot,
I'll have to do it again if I haven't fixed it.

---------------

Chris Hoogendyk

-
    O__ ---- Systems Administrator
   c/ /'_ --- Biology Department
  (*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst

<hoogendyk@bio.umass.edu>

---------------
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:30:41 EDT