From: "Sherman Boyd"
Subject: Re: [gentoo-dev] NAT iptables info
List-Id: Gentoo Linux development list
Date: Thu Oct 4 14:48:02 2001
X-Original-Date: Thu, 04 Oct 2001 08:47:07 -0700

Not in agreement with what? I'm simply asking a question. I understand what you are saying, but I think you are still stuck on your original thread with the guy who actually wants a one button firewall. You assume too much if you think that I am looking for the same thing. Nobody wants to make gentoo into a zero knowledge distro, so it's real easy to score some cheap shots making comparisons to Microsoft and Redhat.

Configuration is obviously in the domain of a package. Ideally the default configuration is conservative and secure.
The fact is Gentoo is making policy decisions every day, and even deals with optional configurations. Take /etc/rc.d/config/basic where we have the choice of using either achim's, drobbin's or pete's favorite console fonts. I like that. Why? Because even though I have a preference to what my console font is I really don't give a damn. I'm not going to waste too much time researching different console fonts. So I really appreciate a suggested configuration. This solution is cool, but it gets more complicated when we get into desktops. So what I was suggesting was a higher level tool to handle configurations. Should gentoo provide one default configuration for GNOME? Or should there be a choice of configurations? Maybe separation of installation and configuration would be a good thing? I think a configuration tool moves toward gentoo's goal of being a meta-distribution.

Now I'm not suggesting a configuration tool that can replace the need for manual configuration, at least in most cases. Just a tool that can manage multiple optional configurations. I'm with you when you say that an admin (or user) should understand netfilter before implementing it, and I disagree with the original poster who wants an easy (but insecure) way to NAT his network. However there comes a time when you may want the benefit of someone else's experience. You probably did not write a firewall script from scratch, or your XFree configuration, and on and on. Chances are you used a suggested configuration that you modified to suit your purposes.

Anyway it is simply an idea, maybe even a bad one. I'm not terribly attached to it. I was hoping to open a logical discussion not some hot-blooded "debate". Nobody is going to turn gentoo into a Mandrake or Redhat. Documentation is a lot more important than optional configuration packages. Please tone down the emotion and carefully consider what I am saying next time.
It sounds like we agree on a lot, and even if we disagree I think it is to everyone's advantage to keep an open mind.

-sherman

-----Original Message-----
From: Donny Davies
Sent: Wednesday, October 03, 2001 12:35 PM
To:
Subject: [gentoo-dev] NAT iptables info

Nope. Sorry. I'm not in agreement in this at all. Of course, it's open to debate, I'm not saying I know everything, nor I'm 100% right. Go ahead, debate away. But I don't want any part of it, I'll tell you that!

If you don't understand the ramifications of packet filtering, NAT, etc then you have *no* business running this software. We are not Microsoft or Wingate, opening your machine to a wider world.

What if somebody's iptables script is made into an ebuild, and said script turns out to be flawed, perhaps seriously? Then it's "hey, yeah those guys at gentoo have a firewall setup like swiss cheese.". What interfaces are you going to configure this ebuild for? eth0 and eth1? how about ppp? maybe an isdn interface? How do you choose? I'm going to say this again, it is 100% configuration. This is *not* the domain of a package. It is the domain of a system administrator. This is 1 file we're talking about here people, not a series of docs, scripts, config files. *most* of them anyway. There *are* some that come with external configs. But that's all beside the point. The script needs to be edited. This whole thing started because we basically had a post to the devel list of the flavour: "I need an iptables HOWTO".

What are you going to do about the kernel modules? Did you know that the netfilter modules are built at the kernel level? How are you going to DEPEND on that?

This is bad policy. A distribution should *not* be dictating *policy*. To not understand that is a big mistake. Listen, Redhat and Mandrake are the kinds of distros doing this stuff!
Making Linux into a 1 click affair. This is not our primary intention. Not at this stage anyway!

So feel free to debate it all you want, I won't be having *any* part in it I'll tell you that!

Cheers!

Donny