Message-ID: <4320914B.6050807@badapple.net>
Date: Thu, 08 Sep 2005 14:30:19 -0500
From: kashani
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: iptables example on Gentoo
References: <005201c5b3e5$dad1ea80$4501010a@jnetlab.lcl>

James wrote:
> OK, whatever this means....
>
> Sorry to offend, but, I did not like having Shorewall or anything
> else shoved down my throat. The title of the email was
> and is 'iptables example on Gentoo'. It's a shame we had to get so
> heated before folks actually started talking about iptables/netfilter,
> and not some intermediary....

I think it's fairly rational for people to answer "I use Shorewall to create my iptables rules" in response to your original question.
While not the answer you might have been looking for, it does answer the question. And frankly I can do without the bad ol' days of writing my own ipchains rules... what a mess that was. I suspect most people who answered you feel the same way and would rather spend their time doing other things.

In my case I have a set of firewalls I never touch and forty-odd web servers. I believe my time is better spent letting a well respected program set up my firewall rather than mucking about myself. Much like I let Gentoo build packages for me rather than do my own source installs.

To bring things full circle, I *actually* had a chat with my motorcycle mechanic last week about carbs. I buy parts from him a little above market plus a six pack and he tells me how to install it or what to watch out for, thus saving me $75/hour. This week I mentioned some overly complicated work I was planning that he suggested might not be in my engine's best interest. A point he punctuated after lecturing me 15 minutes for even mentioning the hard method by throwing 20lbs of broken carbs across the garage in my general direction. I think you got off easy in comparison. :-)

The moral of the stories is two part: Sometimes the easy way is actually the best way; You can do it the hard way, but don't expect people to help.

However, feel free to get your hands dirty in iptables; you may enjoy it and find it useful, especially if you're a full time security guy. I've been there and have neither the interest nor time to do something by hand with decent tools available.

kashani, who found Fortran 77 a vast relief after Assembler for the IBM Mini Computer.

--
gentoo-user@gentoo.org mailing list