[Shorewall-users] Parameterized Samples Withdrawn

Richard Kimber rkimber@ntlworld.com
Mon, 8 Apr 2002 21:37:22 +0100

On Mon, 8 Apr 2002 12:47:50 -0700 (Pacific Daylight Time)
Tom Eastep <teastep@shorewall.net> wrote:

> Although the parameterized samples have allowed people to get a firewall
> up and running quickly, they have unfortunately set the wrong level of
> expectation among those who have used them. I am therefore withdrawing
> support for the samples and I am recommending that they not be used in
> new Shorewall installations.

> Tom Eastep    \ Shorewall - iptables made easy

But aren't they what make it specially easy?

Could you indicate what specific problems there have been? (I've just used
one in today's installation; am I vulnerable?)

There's a strong case for a single user sample, simply because single
users (like me) not only haven't mastered iptables, but also can become
confused by the excellent but large amount of information provided for
knowledgeable people with more complex setups, and often don't know what
strategy to adopt, and what the implication of some of the terminology

Single, inexpert, directly connected users basically need an easily
installable firewall that allows them to perform all the basic outgoing
functions (i.e. allow responses to everything they have initiated), allows
in stuff from their UBR, DNS server, DHCP server, and the cable modem, and
prohibits everything else.  That sounds to a newbie like me like a
candidate for a standard setup sample.

- Richard.
Richard Kimber
Political Science Resources        http://www.psr.keele.ac.uk/

UK-Euro FAQ          http://www.psr.keele.ac.uk/docs/efaq.htm