[Shorewall-users] Parameterized Samples Withdrawn

Jim Hubbard jimh@xlproject.com
Mon, 8 Apr 2002 23:06:53 -0400


Tom,
I wish you wouldn't withdraw the samples.  The reason people like me ask so
many dumb questions is because there are a lot of us who would prefer to
learn by modifying a sample and playing with it instead of by reading the
very complete, but (typical of Linux) lengthy documentation.  We don't want
to know how Shorewall works, all we want to know is how to turn the darn
thing on and off.  Newbies don't care about ipsec tunnels, proxies, or
traffic shaping.  All we want to do is install it, make a couple of quick
modifications, then have a beer; content in the thought that our security
isn't perfect, and it may not work at all, but it's bound to be better than
it was.  We'll tighten it up tomorrow.

The question is one of viewpoints, and it's a common situation with Linux.
At one end we have the new user who just wants to "try" Linux and get it to
do something - anything useful with a minimum of effort.  At the other end
is the guru, who is tired of answering the same silly questions and would
rather the user read and understand the whole thing first.  The newbie just
wants it to work; he doesn't care how, how well, or why right now because
he'll read the docs and tweak his setup later (maybe).  Newbies don't want
to read and understand, we want a sample and some quick pointers for common
setups.  Once our firewall is running and everything still works, THEN we'll
read.  It's kinda like those instructions that came with your kid's bike.
Nobody reads those first; we look at the pictures, bolt it all together, and
then we read to figure out where all the extra parts go.  It's just human
nature.

I installed Shorewall today on a server that's already behind a firewall.
But without a sample to follow, know what I did?  Skimmed the documentation,
then started playing with it.  I figured I could at least gain a little more
security without breaking anything.  After about 2 hours I had to leave, so
here's my temporary solution:

/etc/shorewall/policy
all	all	ACCEPT

I'm dreading reading the documentation again, but the system had no firewall
before, so I'm having a beer anyway.  Sure would have been easier with a
sample.

Sincerely,
Jim Hubbard
jimh@xlproject.com

Visit my website at www.XLProject.com

PS - Why not just ignore any post that begins with "I'm using the __
interface sample"?

_____________________________________________



> -----Original Message-----
> From: shorewall-users-admin@shorewall.net
> [mailto:shorewall-users-admin@shorewall.net]On Behalf Of Tom Eastep
> Sent: Monday, April 08, 2002 3:48 PM
> To: Shorewall Users; Shorewall Announcements
> Subject: [Shorewall-users] Parameterized Samples Withdrawn
>
>
> Although the parameterized samples have allowed people to get a firewall
> up and running quickly, they have unfortunately set the wrong level of
> expectation among those who have used them. I am therefore withdrawing
> support for the samples and I am recommending that they not be used in new
> Shorewall installations.
>
> -Tom
> --
> Tom Eastep    \ Shorewall - iptables made easy
> AIM: tmeastep  \ http://www.shorewall.net
> ICQ: #60745924  \ teastep@shorewall.net
>