From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on finch.gentoo.org
X-Spam-Level: ***
X-Spam-Status: No, score=3.3 required=5.0 tests=DATE_IN_PAST_12_24,
	DMARC_REJECT,INVALID_DATE,MAILING_LIST_MULTI,RDNS_NONE autolearn=no
	autolearn_force=no version=4.0.0
Received: from [209.167.237.254] (helo=mercury.phoenix-interactive.com)
	by cvs.gentoo.org with esmtp (Exim 3.30 #1)
	id 15os48-0007bH-00
	for gentoo-dev@cvs.gentoo.org; Wed, 03 Oct 2001 13:52:24 -0600
Received: by murcury with Internet Mail Service (5.5.2650.21)
	id <TFF6LZK4>; Wed, 3 Oct 2001 15:49:51 -0400
Message-ID: <1DCB85BD45DED211B12D009027279E4F47700B@murcury>
From: Sean Mitchell <SMitchell@phoenix-interactive.com>
To: gentoo-dev@cvs.gentoo.org
Subject: RE: [gentoo-dev] NAT iptables info
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: gentoo-dev-admin@cvs.gentoo.org
Errors-To: gentoo-dev-admin@cvs.gentoo.org
X-BeenThere: gentoo-dev@cvs.gentoo.org
X-Mailman-Version: 2.0
Precedence: bulk
Reply-To: gentoo-dev@cvs.gentoo.org
List-Help: <mailto:gentoo-dev-request@cvs.gentoo.org?subject=help>
List-Post: <mailto:gentoo-dev@cvs.gentoo.org>
List-Subscribe: <http://cvs.gentoo.org/mailman/listinfo/gentoo-dev>,
	<mailto:gentoo-dev-request@cvs.gentoo.org?subject=subscribe>
List-Id: Gentoo Linux development list <gentoo-dev.cvs.gentoo.org>
List-Unsubscribe: <http://cvs.gentoo.org/mailman/listinfo/gentoo-dev>,
	<mailto:gentoo-dev-request@cvs.gentoo.org?subject=unsubscribe>
List-Archive: <http://cvs.gentoo.org/pipermail/gentoo-dev/>
Date: Wed Oct  3 13:53:02 2001
X-Original-Date: Wed, 3 Oct 2001 15:49:41 -0400
X-Archives-Salt: 25a20022-58fb-4418-b50c-7efa9a940def
X-Archives-Hash: 6bb927f73854072339e1cc50d9551c7e

> From: Donny Davies [mailto:woodchip@gentoo.org]

> Nope. Sorry. Im not in agreement in this at all. Of course, 
> its open to debate,
> Im not saying I know everything, nor Im 100% right. Go ahead, 
> debate away.
> But I dont want any part of it, Ill tell you that!
> 
> If you dont understand the ramnifications of packet 
> filetering, NAT, etc then
> you have *no* business running this software. We are not 
> Microsoft or Wingate,
> opening yuor machine to a wider world.

<snip rest of post>

I have to agree in principle here, FWIW. The answer to this problem of
making the functionality available to everyone is to make sure things are
clearly and thoroughly documented. I think we are best served by following
the OpenBSD example of a secure default install and then let the users
change configuration to suit.

Cheers,

Sean