From: Collins Richey
To: gentoo-dev@cvs.gentoo.org
Subject: Re: [gentoo-dev] NAT iptables info
Message-Id: <20011003182513.5af6a97e.erichey2@home.com>
References: <3BBB6849.2467BBFE@gentoo.org>
List-Id: Gentoo Linux development list
Date: Wed Oct 3 18:12:01 2001
X-Original-Date: Wed, 3 Oct 2001 18:25:13 -0600

On Wed, 3 Oct 2001 12:51:07 -0700 Michael M Nazaroff wrote:

> On Wednesday 03 October 2001 12:34 pm, you wrote:
> Just to let everyone know I completely agree with Donny on this...Gentoo
> should be a powerhouse, not dumbed down.
>
> > Nope. Sorry. I'm not in agreement in this at all. Of course, it's open to
> > debate, I'm not saying I know everything, nor am I 100% right. Go ahead,
> > debate away. But I don't want any part of it, I'll tell you that!
> >
> > If you don't understand the ramifications of packet filtering, NAT, etc.
> > then you have *no* business running this software. We are not Microsoft or
> > Wingate, opening your machine to a wider world.
> >
> > What if somebody's iptables script is made into an ebuild, and said script
> > turns out to be flawed, perhaps seriously? Then it's "hey, yeah those guys
> > at gentoo have a firewall setup like swiss cheese.". What interfaces are
> > you going to configure this ebuild for? eth0 and eth1? How about ppp? Maybe
> > an isdn interface? How do you choose? I'm going to say this again, it is
> > %100 configuration. This is *not* the domain of a package. It is the domain
> > of a system administrator. This is 1 file we're talking about here people,
> > not a series of docs, scripts, config files. *Most* of them anyway. There
> > *are* some that come with external configs. But that's all beside the point.
> > The script needs to be edited. This whole thing started because we
> > basically had a post to the devel list of the flavour: "I need an iptables
> > HOWTO".
> >
> > What are you going to do about the kernel modules? Did you know that
> > the netfilter modules are built at the kernel level? How are you going to
> > DEPEND on that?
> >
> > This is bad policy. A distribution should *not* be dictating *policy*. To
> > not understand that is a big mistake. Listen, Redhat and Mandrake are
> > the kinds of distros doing this stuff! Making Linux into a 1-click affair.
> > This is not our primary intention. Not at this stage anyway!
> >
> > So feel free to debate it all you want, I won't be having *any* part in it,
> > I'll tell you that!

Yep, I agree too. This really needs to be
documentation-documentation-documentation. There should be HOWTOs tailored to
the gentoo way for most of the things everyone would like to do.

-- 
Collins Richey
Denver Area
gentoo_rc6 xfce+sylpheed