OASIS Mailing List Archives

openc2-actuator message



Subject: Firewall Profile: Delete, Save and Restart


QUESTION ONE: 
I would like to remove three actions from this profile. Do you consider that the following actions need to be included in the 'stateless-packet-filtering' (aka firewall) profile?
 
QUESTION TWO: 
If you believe that any of the above actions are applicable to the firewall profile, please identify if they should be required or optional, and the suggested target type(s).
 
BACKGROUND:
The basis for inclusion of the delete, save and restart actions was a legacy document that we inherited from the forum days. Over the course of the past two weeks I have been soliciting use cases and examples so that I may fill in section 2.2 of the draft profile.
 
The following is NOT consensus attained from the actuator profile subcommittee nor any subset of the subcommittee. The following is my personal opinion only, and I request confirmation or rebuttal.
 
In the context of the stateless-packet-filtering:
DELETE: I do not see the utility of including ‘delete’ in this profile. If one needs to delete a block or allow type of rule, then it would be more appropriate to use a deny or allow. Within, the devices may very well be writing, deleting, saving, etc., but at the higher language level that we are working at, the deny or allow command is sufficient.
 
SAVE: I do not see the utility of including ‘save’ in this profile for similar reasons. Save is especially redundant when one considers that there are the optional persistent and running modifiers.
 
RESTART: I do not see the utility of including ‘restart’ in this profile. We do have an optional ‘update’ action. Update is a compound action that (depending on the product) may include a restart. About the only scenario that came to my mind for a ‘restart’ was to get back to some known good state, but I would argue that it would be more appropriate to use an update.
 
VR
 
Joe Brule
 

