# -*-text-*-

wfconvert unified TODO
======================

(lines are sorted by order of decreasing priority)
There are still many other things to do; most are scattered through the
code, marked with @@[0-9].
0 is the lowest priority, 9 is the highest.
The marker is often preceded by a few letters, standing for the name of the
person who could primarily be interested in solving it.
RV: me (Hervé Eychenne)
ALL: potentially everyone
MV: Mikael Vera (a friend of mine)



Generic stuff
-------------
To do:
- implement NAT instructions
- implement non-regression tests (dejagnu?)
- implement ipfilter module (check that wallfire compiles under *BSD first!)
To do, but not show stoppers:
To check:


wfconvert
---------
To do:
To do, but not show stoppers:
- config file handling
- debug option is not implemented
- use wfconvert_log (rvlog) everywhere
To check:


Wallfire module
---------------
* Generic:
To do:
To do, but not show stoppers:
To check:

* Input:
To do:
- bad parse error message with non-wallfire input files (lex/yacc issue)
To do, but not show stoppers:
To check:

* Output:
To do:
To do, but not show stoppers:
- useless space before ';'
To check:


Netfilter module
----------------
* Generic:
To do:
- Most of the code could be shared with the ipchains module.
To do, but not show stoppers:
To check:

* Input:
To do:
To do, but not show stoppers:
To check:

* Output:
To do:
To do, but not show stoppers:
- There could be several output formats as well. For example:
  - script
  - iptables-save/restore format
To check:

* Optimisations
- when there are such things as:
    for i in $ICQ_HOSTS ; do
      iptables -A dmz-bad -p udp -s $DMZ_SSH -d $i --dport 4000 -j ACCEPT
    done
  we could do:
    iptables -N icq_hosts
    for i in $ICQ_HOSTS ; do
      iptables -A icq_hosts -d $i -j ACCEPT
    done
    iptables -A dmz-bad -p udp -s $DMZ_SSH --dport 4000 -j icq_hosts
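
The optimisation above written as a rule-list transformation, added here as an
illustration (not wfconvert code): consecutive "iptables -A" rules that differ
only in -d are collapsed into one user-defined chain and a single jump. The
function names, the wf_dst_N chain names and the sample addresses are
assumptions of this example; it generalises the ACCEPT case to DROP and REJECT
and leaves negated matches and RETURN targets untouched.

```python
import shlex

# Assumption of this example: only terminating verdicts are factored. A RETURN
# or a jump to another chain would behave differently once moved into a sub-chain.
TERMINATING = {"ACCEPT", "DROP", "REJECT"}

def _key(rule):
    """Return (tokens without the -d pair, destination), or (None, None)
    when the rule cannot be factored safely."""
    t = shlex.split(rule)
    if t[:2] != ["iptables", "-A"] or "!" in t or t.count("-d") != 1:
        return None, None
    d = t.index("-d")
    rest = t[:d] + t[d + 2:]
    # The verdict must be the last option, so nothing trails the new jump.
    if d + 1 >= len(t) or len(rest) < 5 or rest[-2] != "-j" or rest[-1] not in TERMINATING:
        return None, None
    return tuple(rest), t[d + 1]

def factor_destinations(rules, min_group=2):
    """Collapse runs of consecutive rules that differ only in -d into one
    user-defined chain plus a single jump rule; other rules pass through."""
    keyed = [_key(r) for r in rules]
    out, i, chains = [], 0, 0
    while i < len(rules):
        key = keyed[i][0]
        j = i + 1
        while key is not None and j < len(rules) and keyed[j][0] == key:
            j += 1
        if j - i >= min_group:
            name = f"wf_dst_{chains}"  # hypothetical chain naming scheme
            chains += 1
            out.append(f"iptables -N {name}")
            out += [f"iptables -A {name} -d {shlex.quote(dst)} -j {key[-1]}" for _, dst in keyed[i:j]]
            out.append(shlex.join(key[:-1] + (name,)))
        else:
            out += rules[i:j]
        i = j
    return out

# Constructed sample: the loop above already expanded, documentation addresses.
SAMPLE = [
    "iptables -A dmz-bad -p udp -s 192.0.2.10 -d 198.51.100.1 --dport 4000 -j ACCEPT",
    "iptables -A dmz-bad -p udp -s 192.0.2.10 -d 198.51.100.2 --dport 4000 -j ACCEPT",
    "iptables -A dmz-bad -p udp -s 192.0.2.10 -d 198.51.100.3 --dport 4000 -j ACCEPT",
    "iptables -A dmz-bad -p tcp -d 198.51.100.9 --dport 22 -j RETURN",
]

if __name__ == "__main__":
    print("\n".join(factor_destinations(SAMPLE)))
```

As in the hand-written version above, the generated chain matches on
destination only, so it must be reachable solely from its own jump rule.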

Ipchains module
---------------
* Generic:
To do:
- Most of the ideas and of the code could be shared with the netfilter module.
To do, but not show stoppers:
To check:

* Input:
Same as with netfilter.
To do:
To do, but not show stoppers:
To check:

* Output:
Same as with netfilter.
To do:
To do, but not show stoppers:
To check:


Wallfire xml module
-------------------

"Native" wallfire language is quite sufficient and much more readable than
an XML one.
But we will have to export and import rulesets in XML, especially
since we want to exchange information over the network between clients and
servers.
For the moment I only implemented a small and ugly parsing routine of some
network objects, just to play with libxml.
But libxml is not C++ compliant, so maybe we'll play with Xerces.
http://xml.apache.org/xerces-c/

To do:
- define a DTD
To do, but not show stoppers:
To check:


Tools
-----
To do:
- Create executables based on every possible useful use of available
  wallfire libraries.
To do, but not show stoppers:
- Add command line options for wfnetcomplete
  -a <address>
  -n <network>
  -m <netmask>
  -b <broadcast>
  -i : interactive mode (non interactive by default)
To check:


Debian packaging
----------------
To do:
- do a libwfconvert package with ruleset/ directory (depending on libwfnetobjs)
  and a libwfconvert-dev one
To do, but not show stoppers:
To check:

Redhat packaging
----------------
Well, I suppose this has to be done too... So do it if you want.
Maybe one day I'll include the spec file in the package... ;-)
