[Shorewall-users] Parameterized Samples Withdrawn

Richard Kimber rkimber@ntlworld.com
Tue, 9 Apr 2002 15:19:54 +0100

On Mon, 8 Apr 2002 23:12:56 EST
admin@kiteflyer.com wrote:

> Although the parameterized solutions may get you off the ground quicker,
> it is not that much more trouble to configure the few entries needed by

It's not (for me at least) a matter of taking the trouble to do something;
I'm prepared to do a great deal.  The problem lies in not having the
understanding to be able to do something that is potentially dangerous
with confidence.

> a default system. After using Shorewall for quite a while now, I
> progressed from a basic two port version (with IPchains firewall
> behind), to a three port version. There was a bit of a learning curve,
> but it was in my interest to learn.

There's a difficult problem here, to do with what one's relationship to
the computer is.  People like me use it essentially for non-computing
ends: writing simple programs to analyse election results, and running a
largish website of resources.  These activities in themselves take up
large amounts of time.  Then there is keeping my distribution up to
scratch and housekeeping (e.g. doing backups), getting necessary apps
working, and so on...  Unless one is a systems administrator by
inclination or profession, there isn't the time, or the need, to embark on
such a learning curve.  The knowledge gained would be discarded
immediately the firewall was up and running.  For many people like me
setting up a firewall is a once-and-for-all process that doesn't justify a
big learning investment.

If I can draw an analogy, it's a bit like the kernel - it's crucial, but
all I need to do is use the wizard (i.e. make xconfig) and then go through
the make process.  I don't understand anything about how it works, and
could never write a kernel patch.  I think that's how a firewall should
be.  Simple to set up for basic situations, but modifiable by those who
need something different and more complex and know how to do it.

BTW, in case it hasn't come through what I've been saying, I think
Shorewall is an impressive product - which is of course why I chose to try
it.  I'm just making a plea not to forget the many who are in my type of
situation (as Linux becomes more popular and broadband becomes more
widespread, we shall become more numerous).

Richard Kimber
