[Shorewall-users] Parameterized Samples Withdrawn

admin@kiteflyer.com admin@kiteflyer.com
Tue, 9 Apr 2002 16:32:29 GMT


Ok, I'm posting again,

I still don't get what the big deal is for "newbies" (of which I consider 
myself one).I can certainly understand where most are comming from, I hate the 
fact that I sometimes have to read 20 pages of faqs to find a basic setup 
(examples speak 1000 words - thanks tom). It's nice to be able to utilize 
someone else's work or have it work right out the box.

The issue here is if it is a better idea to have a file that lists:
$INET_HOST= , $LOCAL_HOST=, etc.

or to say:
your internet address must be defined in the interface file "NET ETH0" etc.

For most newbies, I assume Shorewall is used as a firewall between a windows 
machine (or machines) and the internet. It will do nothing more than "protect" 
them and act as a MASQ (proxy) for the local network.
In shorewall's out the box form, it does just that. I only see three main steps 
for a newbie:
define the net interface.
define the local interface.
define the interface to be MASQed.
Voila!

It's only when you start mangling that you get into trouble ("but I want to run 
a mail/web/game/??? server"). At that point I think you owe it to yourself to 
learn what the rules you are creating really mean (unless you like being hacked 
and becoming a spam relay, warez server, etc.).

OK, so maybe we need a better "newbie" document - say "Shorewall in 10 minutes 
or less", but I don't see the advantage to having new users learn how to use 
Shorewall twice. It wasn't fun.

Wayne
admin@kiteflyer.com



---------------------------------------------