From: "Sherman Boyd" <shermanb@clh.com>
To: <gentoo-dev@cvs.gentoo.org>
Subject: RE: [gentoo-dev] NAT iptables info
Date: Wed Oct 3 13:15:01 2001 [thread overview]
Message-ID: <sbbb002c.071@mail.clh.com> (raw)
What about a configuration packages? I think that the default settings of an ebuild should be conservative and secure, but when you start talking about ebuilds with lots of configuration options you see a need for a what Chad is talking about. How about:
emerge rusty_impervious_firewall.x.y.z.econf
or maybe it should be a separate tool:
econfig tonys_sweet_gnome_setup.x.y.z.econf
That way we can keep configuration and installation in separation.
-sherman
-----Original Message-----
From: Chad Huneycutt <chad.huneycutt@acm.org>
Sent: Monday, October 01, 2001 7:30 PM
To: <gentoo-dev@cvs.gentoo.org>
Subject: Re: [gentoo-dev] NAT iptables info
Donny Davies wrote:
>To provide some kind of gentoo firewall is, hmm, well silly. Its %100
>configuration. This is not the domain of a 'package', 'rpm' or ebuild.
>
I don't completely agree with this. While questions like "How do I set
up a firewall?" are not completely germaine to this mailing list, the
above statement is your opinion and open for discussion here. I think
that it is a very good idea to provide several basic scripts for common
configurations. If they are already out there, then great!, we should
include them in an ebuild. It is a much better policy to have the
network default to a secure state (such as the Rusty's script that
allows no incoming connections) than to leave it wide open, and let the
potentially newbie sysadmin get hacked.
It would be nice to bring up a semi secure, masquerading (or whatever
they are calling it these days) firewall box with little effort. From
there, one can learn about iptables and such things to customize it further.
Just some thoughts from someone who hasn't delved into iptables yet,
Chad
_______________________________________________
gentoo dev mailing list
gentoo dev@cvs.gentoo.org
http://cvs.gentoo.org/mailman/listinfo/gentoo dev
next reply other threads:[~2001-10-03 19:14 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-10-03 13:15 Sherman Boyd [this message]
-- strict thread matches above, loose matches on Subject: below --
2001-10-04 14:48 [gentoo-dev] NAT iptables info Sherman Boyd
2001-10-03 13:53 Sean Mitchell
2001-10-04 4:54 ` Djamil ESSAISSI
2001-10-04 13:29 ` Daniel Robbins
2001-10-04 14:31 ` Nathaniel Grady
2001-10-05 3:47 ` Djamil ESSAISSI
2001-10-05 10:28 ` Daniel Robbins
2001-10-03 13:39 Donny Davies
2001-10-03 13:46 ` Michael M Nazaroff
2001-10-03 18:12 ` Collins Richey
2001-10-01 15:02 Donny Davies
2001-10-01 20:29 ` Chad Huneycutt
2001-10-02 4:13 ` Djamil ESSAISSI
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=sbbb002c.071@mail.clh.com \
--to=shermanb@clh.com \
--cc=gentoo-dev@cvs.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox