Message-ID: <3BBB6849.2467BBFE@gentoo.org>
From: Donny Davies
To: gentoo-dev@cvs.gentoo.org
Subject: [gentoo-dev] NAT iptables info
Date: Wed Oct 3 13:39:02 2001
X-Original-Date: Wed, 03 Oct 2001 15:34:34 -0400

Nope. Sorry. I'm not in agreement with this at all. Of course, it's open to debate, I'm not saying I know everything, nor that I'm 100% right. Go ahead, debate away. But I don't want any part of it, I'll tell you that!

If you don't understand the ramifications of packet filtering, NAT, etc. then you have *no* business running this software. We are not Microsoft or Wingate, opening your machine to a wider world.

What if somebody's iptables script is made into an ebuild, and said script turns out to be flawed, perhaps seriously? Then it's "hey, yeah those guys at Gentoo have a firewall setup like Swiss cheese."

What interfaces are you going to configure this ebuild for? eth0 and eth1? How about ppp? Maybe an isdn interface? How do you choose?

I'm going to say this again, it is 100% configuration. This is *not* the domain of a package. It is the domain of a system administrator. This is 1 file we're talking about here people, not a series of docs, scripts, config files. *Most* of them anyway. There *are* some that come with external configs. But that's all beside the point. The script needs to be edited.

This whole thing started because we basically had a post to the devel list of the flavour: "I need an iptables HOWTO".

What are you going to do about the kernel modules? Did you know that the netfilter modules are built at the kernel level? How are you going to DEPEND on that?

This is bad policy. A distribution should *not* be dictating *policy*. To not understand that is a big mistake. Listen, Red Hat and Mandrake are the kinds of distros doing this stuff! Making Linux into a 1-click affair. This is not our primary intention. Not at this stage anyway!

So feel free to debate it all you want, I won't be having *any* part in it, I'll tell you that!

Cheers!

--
Donny