How to model a flow

[Alef-Burzmali]

Based on the discussion in issue #8 from @anubisg1:

i have seen how this has been implemented and i have a question on the implementation or maybe on the expected way to model a flow.

when i create a firewall rule entry i can have multiple ports/protocls in a single rule. for example, a typical rule used to handle mgmt traffic would be as follow:

rule name: Device Management out

* source: managed devices

* destination: monitoring server

* protocol/port:  syslog ( tcp/514 + udp/514 ) , ntp ( tcp/123 + udp/123 ), snmp-trap ( udp/162 ), tacacs ( tcp/49 ), icmp-echo, icmp-reply

rule name: Device Management in

* source: monitoring server

* destination: mananged devices

* protocol/ports: ssh ( tcp/22 ), snmp ( udp/161 ),  icmp-echo, icmp-reply

how would i model this? the request was about allow to add in the same flow both tcp and udp ports, which does covers as a special case the "tcp+udp" that was just added.

The idea of the plugin is to document data flows (and not firewall rules directly). Each data flow should be as atomic as possible, and several data flows can be regrouped in "data flow groups". I plan to add a view "Data flow as rules" that tries to regroup flows in "optimized" rules, but this is far from ready yet.

In your example, ssh, snmp, syslog, ntp, snmp-trap, tacacs and icmp should each be a data flow, and they would be regrouped in two groups "Device management out" and "Device management in". Both these groups can be further regrouped in "Device Management", or you could use an application "Device management" for that.

However, I welcome all feedbacks on what would feel best to use. That's the primary reason the plugin is still in beta, I am not yet truly satisfied with the modelling...

Initially (alpha 1), each group was a data flow of its own with its own specification, which allowed to assign sources and destinations only once for every data flows of the group, however it was very difficult to display properly in tables and forms.