From: "Sherman Boyd"
Subject: RE: [gentoo-dev] NAT iptables info
Date: Wed Oct 3 13:15:01 2001
List-Id: Gentoo Linux development list

What about configuration packages? I think that the default settings of an ebuild should be conservative and secure, but when you start talking about ebuilds with lots of configuration options you see a need for what Chad is talking about. How about:

    emerge rusty_impervious_firewall.x.y.z.econf

or maybe it should be a separate tool:

    econfig tonys_sweet_gnome_setup.x.y.z.econf

That way we can keep configuration and installation in separation.

-sherman

-----Original Message-----
From: Chad Huneycutt
Sent: Monday, October 01, 2001 7:30 PM
Subject: Re: [gentoo-dev] NAT iptables info

Donny Davies wrote:
>To provide some kind of gentoo firewall is, hmm, well silly. It's %100
>configuration. This is not the domain of a 'package', 'rpm' or ebuild.
>

I don't completely agree with this. While questions like "How do I set up a firewall?" are not completely germane to this mailing list, the above statement is your opinion and open for discussion here. I think that it is a very good idea to provide several basic scripts for common configurations. If they are already out there, then great!, we should include them in an ebuild. It is a much better policy to have the network default to a secure state (such as Rusty's script that allows no incoming connections) than to leave it wide open, and let the potentially newbie sysadmin get hacked.

It would be nice to bring up a semi-secure, masquerading (or whatever they are calling it these days) firewall box with little effort. From there, one can learn about iptables and such things to customize it further.

Just some thoughts from someone who hasn't delved into iptables yet,

Chad