In Debian Edu, we provide an out-of-the-box pre-configured network solution for schools. We hard code the IP subnet used, to be able to configure all the services we want to have working out of the box. We want to avoid hard coding the IP addresses and IP subnet, but found no other way to get it working. This email documents an idea on how to avoid this hard coding.

At the moment, very few services need subnet information. It is squid, sysklogd, cfengine (cfservd), dhcpd and bind. The first three need to have a subnet access limit, and we currently hardcode it to 10.0.2.0/255.255.254.0 or 10.0.2.0/23, depending on the supported notation. It would be better if we could use a symbolic name, and store the subnet IP address in a common location, thus making it easier to change the IP subnet used.

One obvious solution would be to use /etc/networks, and rewrite squid, sysklogd and cfservd to use information in this file. The problem is only that getnetent() and friends only support the classic A, B and C subnets, aka /8, /16 and /24.

Would it be possible to extend /etc/networks to support any subnet size? I guess the easiest way to do this would be to extend the 'number' part of the file to support the slash notation. It should be backwards compatible, as the original POSIX notation only allows digits and dots in this field.

Is this a good idea? How would glibc have to change to handle this? Are there any other options available for us to avoid hard coding IP subnet information in the squid, sysklogd and cfservd configuration files?

Friendly,
--
Petter Reinholdtsen
One of the Debian Edu developers
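
The extended 'number' field proposed in the message above, sketched as an added example that is not part of the original email and is not glibc code. `struct net_entry`, `parse_network_line` and `net_contains` are hypothetical names, the sample line is constructed, and the classful fallback for entries without a prefix is an assumption. An entry with host bits set is refused, so a mistyped prefix cannot silently widen an access limit.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record; glibc's struct netent carries no prefix or mask. */
struct net_entry { char name[64]; uint32_t net, mask; };

/* Parse "name number[/prefix] [aliases]".
 * Returns -1 on a comment, bad syntax, or host bits set in the number. */
int parse_network_line(const char *line, struct net_entry *e)
{
    char num[64], *slash, *end;
    const char *p = num;
    unsigned long oct[4] = {0, 0, 0, 0}, pfx;
    int i;

    if (line[0] == '#' || sscanf(line, "%63s %63s", e->name, num) != 2)
        return -1;
    if ((slash = strchr(num, '/')) != NULL)
        *slash++ = '\0';
    for (i = 0; i < 4; i++) {   /* trailing zero octets may be omitted */
        if (*p < '0' || *p > '9') return -1;
        oct[i] = strtoul(p, &end, 10);
        if (oct[i] > 255) return -1;
        p = end;
        if (*p != '.') break;
        p++;
    }
    if (*p != '\0' || i == 4) return -1;
    if (slash) {                /* proposed extension: explicit prefix */
        if (*slash < '0' || *slash > '9') return -1;
        pfx = strtoul(slash, &end, 10);
        if (*end != '\0' || pfx > 32) return -1;
    } else {                    /* assumption: legacy entries stay classful */
        pfx = oct[0] < 128 ? 8 : oct[0] < 192 ? 16 : 24;
    }
    e->mask = pfx ? 0xFFFFFFFFu << (32 - pfx) : 0;
    e->net = (uint32_t)(oct[0] << 24 | oct[1] << 16 | oct[2] << 8 | oct[3]);
    return (e->net & ~e->mask) ? -1 : 0;  /* host bits set: refuse */
}

/* Access check a daemon would make against the named network. */
int net_contains(const struct net_entry *e, uint32_t addr)
{
    return (addr & e->mask) == e->net;
}

int main(void)
{
    struct net_entry e;  /* constructed sample line, not from a real file */
    if (parse_network_line("schoolnet 10.0.2.0/23", &e) != 0) return 1;
    printf("%s: 10.0.3.7 %s\n", e.name, net_contains(&e, 0x0A000307u) ? "allowed" : "denied");
    return 0;
}
```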