From: paulr Date: Sat, 23 Oct 2010 18:43:06 +0000 (+1100) Subject: readme content. X-Git-Url: http://git.pjr.cc/?a=commitdiff_plain;h=91ee370bd06fc0fd77693a22bcd0928ff6d1aaf2;p=ipcontrol.git readme content. --- diff --git a/doc/readme.txt b/doc/readme.txt index 22f74eb..a105f96 100644 --- a/doc/readme.txt +++ b/doc/readme.txt @@ -12,3 +12,17 @@ this project will essentially turn every linux box connected to the system into each box will have control over its ability to route and its interface ip addresses, but thats about it. +Why? +==== + +Most of what im trying to do here has been spawned by ipv6. With ipv6 (and more importantly dual-stack ipv6/v4, which will become +common place) the need for a naming structure has become important. Also, the need to manage the address space has become even more +critical cause iana are giving ipv6 addresses like they're candy. + +Anyways, when trying to implement dual-stack you get stuck in a situation of having to re-work everything cause you create rules +for ipv4, then another set for ipv6. It gets more complicated by the fact that ipv6 gets a trillion ip's fore each host (ok so i am +exajurating, but what i mean is that you have possibly a real address and a link local address on each interface). + +So this software will try and think of everything in terms of names... for eg a host will have a name "host" and a network +might have a name "network", thus to define firewall rules we define the either host->network, network->host, host->host or +network->network and then let the infrastructure turn the rules into valid objects. \ No newline at end of file
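Review bot: In the last added paragraph of the "Why?" section in doc/readme.txt, the text says the infrastructure will "turn the rules into valid objects" but never says what a name expands to. The paragraph before it points out that each interface may carry both a real address and a link-local address, so the readme should state whether a name such as "host" covers the IPv4 address, the global IPv6 address and the link-local address, or only some of them, because that decides what a host->network rule actually permits. Smaller points in the same hunk: "fore each host" should read "for each host", "exajurating" should read "exaggerating", "define the either" has a stray "the", and the file now ends without a trailing newline.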