From: Donny Davies <woodchip@gentoo.org>
To: gentoo-dev@cvs.gentoo.org
Subject: [gentoo-dev] NAT iptables info
Date: Wed Oct 3 13:39:02 2001 [thread overview]
Message-ID: <3BBB6849.2467BBFE@gentoo.org> (raw)
Nope. Sorry. Im not in agreement in this at all. Of course, its open to debate,
Im not saying I know everything, nor Im 100% right. Go ahead, debate away.
But I dont want any part of it, Ill tell you that!
If you dont understand the ramnifications of packet filetering, NAT, etc then
you have *no* business running this software. We are not Microsoft or Wingate,
opening yuor machine to a wider world.
What if somebodys iptables script is made into an ebuild, and said script turns
out to be flawed, perhaps seriously? Then its "hey, yeah those guys at gentoo
have a firewall setup like swiss cheese.". What interfaces are yuo going to
configure this ebuild for? eth0 and eth1? how about ppp? maybe an isdn
interface? How do yuo choose? Im going to say this again, it is %100
configuration. This is *not* the domain of a package. It is the domain of
a system administrator. This is 1 file we're talking about here people, not
a series of docs, scripts, config files. *most* of them anyway. There *are*
some that come with external configs. But thats all beside the point. The
script needs to be edited. This whole thing started because we basically had
a post to the devel list of the flavour: "I need an iptables HOWTO".
What are you going to do about the kernel modules? Did you know that
the netfilter modules are built at the kernel level? How are you going to
DEPEND on that?
This is bad policy. A distribution should *not* be dictating *policy*. To
not understand that is a big mistake. Listen, Redhat and Mandrake are
the kinds of distros doing this stuff! Making Linux into a 1-click affair.
This is not our primary intention. Not at this stage anyway!
So feel free to debate it all you want, I wont be having *any* part in it
Ill tell you that!
Cheers!
--
Donny
next reply other threads:[~2001-10-03 19:38 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-10-03 13:39 Donny Davies [this message]
2001-10-03 13:46 ` [gentoo-dev] NAT iptables info Michael M Nazaroff
2001-10-03 18:12 ` Collins Richey
-- strict thread matches above, loose matches on Subject: below --
2001-10-04 14:48 Sherman Boyd
2001-10-03 13:53 Sean Mitchell
2001-10-04 4:54 ` Djamil ESSAISSI
2001-10-04 13:29 ` Daniel Robbins
2001-10-04 14:31 ` Nathaniel Grady
2001-10-05 3:47 ` Djamil ESSAISSI
2001-10-05 10:28 ` Daniel Robbins
2001-10-03 13:15 Sherman Boyd
2001-10-01 15:02 Donny Davies
2001-10-01 20:29 ` Chad Huneycutt
2001-10-02 4:13 ` Djamil ESSAISSI
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3BBB6849.2467BBFE@gentoo.org \
--to=woodchip@gentoo.org \
--cc=gentoo-dev@cvs.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox