On Fri, 2003-08-29 at 10:44, Steve Lamb wrote:
> On 29 Aug 2003 10:26:57 -0400
> Bret Comstock Waldow <[EMAIL PROTECTED]> wrote:
> > Yes, this is a fun place we all get to be individuals in, joking with
> > each other. OTOH, I'm a Software Quality Assurance Analyst for a
> > living, and you don't leave users high and dry, and you don't play with
> > them. That's not helpful.
>
> Why any user would want to start off with iptables when the examples
> provided point to several far easier and more comprehensive methods of
> handling those rules is beyond me. Stock answer to anyone who wants to muck
> around with firewall rules:
>
> aptitude install shorewall
>
> Until you got that down pat you've no business poking directly with
> iptables directly IMHO.

And now I've heard your opinion. (No deprecation intended, please read on). Notice what I've gone through to get to a place where I get to hear it.

Next, are you correct? Are you correct in my case?

The reason I switched to Debian is that Red Hat is too proprietary. They make non-standard patches to the kernel, they've worked up a framework for administrating their distro, etc. that are proprietary. To work with it, I have to study Red Hat-isms, that don't apply to anything else. I've also used SuSE, which is great, but the same or worse than Red Hat. Suggestions I found on the web wouldn't work in either sometimes - they're set up in non-standard ways.

So, I can invest my time into studying their proprietary systems, or... I went looking for something more "just Linux", and Debian seems to meet the criteria (although the .deb system is specialized - still, it is widespread).

So, the question is, what do I spend my time and attention studying?

I've got two external interfaces, eth0 and ppp0. I've got two virtual internal interfaces to VMware, vmnet0 as a bridge to the Internet, and vmnet1 as a bridge to the host filesystem via samba. Lokkit locked up access to the host fs. firestarter also didn't handle vmnetX. fwbuilder looks great, but I need to know all the network stuff anyway to use it.

How much study does it take for me to know enough about shorewall, fwbuilder, firestarter, etc. to know it will solve my problems, how to use it, how to be sure of the implications, gotchas, etc.? And what do I have to study to know that?

Should I put my effort into understanding iptables in the first place so I can evaluate what shorewall does, or put my effort into trying to get shorewall to do something (I can't evaluate if it's working - I don't know enough. What isn't it covering? How do I know?)?

Which comes first, the chicken or the egg? (I know - it's the rooster.)

I got upset when the only answer I found was when someone implied they knew something important, but left few pointers to what it was. He was happy to spend a couple of paragraphs repeatedly emphasizing that there was something important - why didn't he spend a paragraph stating what it was?

"I don't like this because <phrase #1 to look up on google>, <phrase #2 to look up on google>, and/or <phrase #3 to look up on google>."

Sorted. Done.

Beyond that, I'm willing to put in the time to learn. I'm doing that now.

Cheers,
Bret

--
bwaldow at alum dot mit dot edu