pfloor ->
Thanks for your friendly and well ment and well argued comments.
Your arguments does make sence and I have been thinking them trough, and my conclusion is the oposite of yours.
In general I think there is few persons inside the sme server environment, if any, that does agree with me at all, on how a "new" or improved firewall system might be developed.
It is not my idea that there should be one common firewall script for server installations, for 2 port installation, for 3 port installation etc.
The traditonal way of configuring a netfilter firewall is by using a firewall script for the configuration.
The logical place to start from a top down approach was just to make the structure of the most complicated variant that could be tested now, the 3 port, and from that as a basis fill inn with details and simplify it down to the level of a 2 port and a 1 port variant. Then the next logical step will be to develop some automated tools to generate these sctipt.
As the basic principle of development might be near something like the oposite of the traditional ways of doing thing in the SME Server project I will try to do this project as a contrib wia my own webpage.
http://www.linuxfirewalls.info/ (Not started yet, just made it today.)
I feel rather sure that there will come up solutions that will work on the SME server and on other Linux distroes as well, as I am using such a 3 port firewall on a SME 7.2 everyday, myself. There will also be at least some automated tools in this contrib for generating and executing these firewall configurations.
If anyone wants to test out and find things that does not work or that is not good enough or have some suggestion for improvement, I will be thankfull for that. The first framework (but not the end result) of a 3 port firewall is alredy posted and can be tested now.
By the way thanks for the link to the link to the devopers guide. I read it one year ago, and its a lot of things that I do not understand, yet, and I forgot the address where it was, so thanks a lot.
There is a lot of contribs done by private developers, and this firewall contrib is nothing more than any other contrib.
On the other hand a firewall contrib might need som mote testing and some more dicussions and some more feedback and ideas to be implemented that some other contrib might need to work in a good way.
The name of the contribs.org web forum is contribs.org and it should not be regarded to ba something negative or bad just to try to develop one other contrib.