From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on finch.gentoo.org X-Spam-Level: * X-Spam-Status: No, score=1.0 required=5.0 tests=DATE_IN_PAST_12_24, DKIM_ADSP_NXDOMAIN,DMARC_MISSING,INVALID_DATE,MAILING_LIST_MULTI autolearn=no autolearn_force=no version=4.0.0 Received: from client-mail.omnis.com ([216.239.128.24]) by cvs.gentoo.org with smtp (Exim 3.30 #1) id 15orx0-0007YJ-00 for gentoo-dev@cvs.gentoo.org; Wed, 03 Oct 2001 13:45:02 -0600 Received: (qmail 91432 invoked from network); 3 Oct 2001 19:45:26 -0000 Received: from c1725961-a.sttln1.wa.home.com (HELO there) (24.248.98.232) by 0 with SMTP; 3 Oct 2001 19:45:26 -0000 Content-Type: text/plain; charset="iso-8859-1" From: Michael M Nazaroff To: gentoo-dev@cvs.gentoo.org Subject: Re: [gentoo-dev] NAT iptables info X-Mailer: KMail [version 1.3.1] References: <3BBB6849.2467BBFE@gentoo.org> In-Reply-To: <3BBB6849.2467BBFE@gentoo.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: Sender: gentoo-dev-admin@cvs.gentoo.org Errors-To: gentoo-dev-admin@cvs.gentoo.org X-BeenThere: gentoo-dev@cvs.gentoo.org X-Mailman-Version: 2.0 Precedence: bulk Reply-To: gentoo-dev@cvs.gentoo.org List-Help: List-Post: List-Subscribe: , List-Id: Gentoo Linux development list List-Unsubscribe: , List-Archive: Date: Wed Oct 3 13:46:01 2001 X-Original-Date: Wed, 3 Oct 2001 12:51:07 -0700 X-Archives-Salt: 28f2d0ca-4dea-4155-8d84-a28d05e52c4f X-Archives-Hash: e112dbcf657b08b87bc8e0bc3a42f588 On Wednesday 03 October 2001 12:34 pm, you wrote: Just to let everyone know I completely agree with Donny on this...Gentoo should be power house not dumbed down. > Nope. Sorry. Im not in agreement in this at all. Of course, its open to > debate, Im not saying I know everything, nor Im 100% right. Go ahead, > debate away. But I dont want any part of it, Ill tell you that! > > If you dont understand the ramnifications of packet filetering, NAT, etc > then you have *no* business running this software. We are not Microsoft or > Wingate, opening yuor machine to a wider world. > > What if somebodys iptables script is made into an ebuild, and said script > turns out to be flawed, perhaps seriously? Then its "hey, yeah those guys > at gentoo have a firewall setup like swiss cheese.". What interfaces are > yuo going to configure this ebuild for? eth0 and eth1? how about ppp? maybe > an isdn interface? How do yuo choose? Im going to say this again, it is > %100 configuration. This is *not* the domain of a package. It is the domain > of a system administrator. This is 1 file we're talking about here people, > not a series of docs, scripts, config files. *most* of them anyway. There > *are* some that come with external configs. But thats all beside the point. > The script needs to be edited. This whole thing started because we > basically had a post to the devel list of the flavour: "I need an iptables > HOWTO". > > What are you going to do about the kernel modules? Did you know that > the netfilter modules are built at the kernel level? How are you going to > DEPEND on that? > > This is bad policy. A distribution should *not* be dictating *policy*. To > not understand that is a big mistake. Listen, Redhat and Mandrake are > the kinds of distros doing this stuff! Making Linux into a 1-click affair. > This is not our primary intention. Not at this stage anyway! > > So feel free to debate it all you want, I wont be having *any* part in it > Ill tell you that! > > Cheers!