[Shorewall-users] Parameterized Samples Withdrawn

Tom Eastep teastep@shorewall.net
Mon, 8 Apr 2002 20:25:49 -0700 (Pacific Daylight Time)


On Mon, 8 Apr 2002, Jim Hubbard wrote:

> Tom,
> I wish you wouldn't withdraw the samples.  The reason people like me ask so
> many dumb questions is because there are a lot of us who would prefer to
> learn by modifying a sample and playing with it instead of by reading the
> very complete, but (typical of Linux) lengthy documentation.  We don't want
> to know how Shorewall works, all we want to know is how to turn the darn
> thing on and off.  Newbies don't care about ipsec tunnels, proxies, or
> traffic shaping.  All we want to do is install it, make a couple of quick
> modifications, then have a beer; content in the thought that our security
> isn't perfect, and it may not work at all, but it's bound to be better than
> it was.  We'll tighten it up tomorrow.
> The question is one of viewpoints, and it's a common situation with Linux.
> At one end we have the new user who just wants to "try" Linux and get it to
> do something - anything useful with a minimum of effort.  At the other end
> is the guru, who is tired of answering the same silly questions and would
> rather the user read and understand the whole thing first.  The newbie just
> wants it to work; he doesn't care how, how well, or why right now because
> he'll read the docs and tweak his setup later (maybe).  Newbies don't want
> to read and understand, we want a sample and some quick pointers for common
> setups.  Once our firewall is running and everything still works, THEN we'll
> read.  It's kinda like those instructions that came with your kid's bike.
> Nobody reads those first; we look at the pictures, bolt it all together, and
> then we read to figure out where all the extra parts go.  It's just human
> nature.
> I installed Shorewall today on a server that's already behind a firewall.
> But without a sample to follow, know what I did?  Skimmed the documentation,
> then started playing with it.  I figured I could at least gain a little more
> security without breaking anything.  After about 2 hours I had to leave, so
> here's my temporary solution:
> /etc/shorewall/policy
> all	all	ACCEPT
> I'm dreading reading the documentation again, but the system had no firewall
> before, so I'm having a beer anyway.  Sure would have been easier with a
> sample.

You have eloquently expressed that for newbies the Shorewall Documentation
sucks. Fine -- let's fix that so that users who "don't want to know how
Shorewall works" will be dragged kicking and screaming to the point where
they can do something more in two hours than type a single entry in the
policy file. Ignorance isn't bliss....

Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net