Tuesday, June 30, 2015

IPF w/o SysML

After installing FreeBSD 10.1 to an older laptop -- effectively, in developing a LAN gateway appliance out of my older laptop PC, applying FreeBSD as an alternative to Debian 8, then hoping FreeBSD might be more predictable in terms of simple network performance, if not furthermore more interesting for installation onto a BeagleBone Black's ARM architecture -- I searched, early on, for documentation about how to configure the FreeBSD OS for network firewalling and network address translation (NAT). I found two articles about the topic, immediately, in the FreeBSD handbook -- specifically, section 30.4 IPFW, and section 30.5 IPFILTER (IPF).

As my being relatively more new to the structure and configurations of the FreeBSD base system, at that time, candidly I wasn't exactly certain of which firewall/NAT framework to apply, of those two available options.

To my point of view -- albeit, at the earlier time -- the documentation about IPFW seemed, I thought, more approachable. Though I wasn't particularly certain if I could learn to understand the semantics of either IPFW or IPF, immediately, in beginning with the substantial examples provided in the IPFW documentation, I implemented a rudimentary NAT firewall on the LAN gateway. Subsequently, I installed DJB DNS' dnscache and the Squid 3 HTTP proxy, also on the same low-load gateway. To this time, I've been able to make use of HTTP, SSH, and IRC services across the LAN gateway, in the latter's NAT configuration. However, I've been encountering a persistent issue with regard to FTP downloads across the gateway. Broadly, I believe it may have something to do with FTP operations in passive mode and the characteristics of the NAT configuration on the gateway host. Although without drilling down on the documentation about the FTP protocol, personally I've decided to apply IPF as a firewall instead.

Along with this small change in the host's architecture, furthermore after an initial review of the respective IPF section of the FreeBSD handbook, personally I would like to develop some further, small documentation about IPF, as in a sense of a SysML model about the IPF shell command interface and its functions in a network firewall architecture. Of course, this will require some amount of a tedious tooling around with a modeling platform of some kind -- for instance, Modelio or the Cubetto Toolset. I don't particularly imagine as if that could be quite a nice ordeal, any more, however -- considering the nature of the entire gripey web, broadly, moreover considering so many of people's own inventive agendas, candidly, the inevitable "Web sharp shooters" so to speak, it really does not make any manner of an incentive for any good works whatsoever, when one cannot even begin an article ere it's shoved aside for someone's own pretentious whim, the commentariat in full swing.

Perhaps it reminds of a metaphor about fortress building games, if not furthermore a metaphor about utter childishness. By no means does it ever remind of a software development community.

Presuming that if I have seen it before -- a ridiculously biased comment for a simple article -- and it made no sense to me then, that therefore I must expect to see it again, if I ever dare to write again in the audience of the commentariat without respecting people's own sensitivities so far as I cannot even possibly guess -- taking such a matter to a certain conclusion, logical or not, common or not, it essentially halts all discussion, lest anyone have their feelings wounded on a bad day for it, by even an accidentally cheerful thing.

So, seriously, why bother to present anything cheerful, any more, to the commentariat webs?  Let the state of the art slide further into the dust bin of history, if there are simply too many too poignantly emotional agendas going around for any science to actually advance any further.

So, at some point, there might be a SysML model to show, but not here, and not today.