[Shorewall-users] Parameterized Samples Withdrawn

Manuel Pompeia Santos mpompeia@arundel.homelinux.org
08 Apr 2002 22:11:35 +0100


Hi Tom,

I completely agree with Richard, what seems to be the problem with
samples?

On Mon, 2002-04-08 at 21:37, Richard Kimber wrote:

    On Mon, 8 Apr 2002 12:47:50 -0700 (Pacific Daylight Time)
    Tom Eastep <teastep@shorewall.net> wrote:

    > Although the parameterized samples have allowed people to get a firewall
    > up and running quickly, they have unfortunately set the wrong level of
    > expectation among those who have used them. I am therefore withdrawing
    > support for the samples and I am recommending that they not be used in
    > new Shorewall installations.

    > Tom Eastep    \ Shorewall - iptables made easy

    But aren't they what make it specially easy?

    Could you indicate what specific problems there have been? (I've just used
    one in today's installation, am I vulnerable?).

    There's a strong case for a single user sample, simply because single
    users (like me) not only haven't mastered iptables, but also can become
    confused by the excellent but large amount of information provided for
    knowledgeable people with more complex setups, and often don't know what
    strategy to adopt, and what the implications of some of the terminology
    are.

    Single, inexpert, directly connected, users basically need an easily
    installable firewall that allows them to perform all the basic outgoing
    functions (i.e. allow responses to everything they have initiated), allows
    in stuff from their UBR, DNS server, DHCP server, and the cable modem, and
    prohibits everything else.  That sounds to a newbie like me like a
    candidate for a standard setup sample.

    - Richard.
    -- 
    Richard Kimber
    Political Science Resources        http://www.psr.keele.ac.uk/

    UK-Euro FAQ          http://www.psr.keele.ac.uk/docs/efaq.htm
-- 
The right to read is a battle being fought today...
http://www.gnu.org/philosophy/right-to-read.html
