[Shorewall-users] Parameterized Samples Withdrawn
Tue, 9 Apr 2002 16:32:29 GMT
Ok, I'm posting again,
I still don't get what the big deal is for "newbies" (of which I consider
myself one).I can certainly understand where most are comming from, I hate the
fact that I sometimes have to read 20 pages of faqs to find a basic setup
(examples speak 1000 words - thanks tom). It's nice to be able to utilize
someone else's work or have it work right out the box.
The issue here is if it is a better idea to have a file that lists:
$INET_HOST= , $LOCAL_HOST=, etc.
or to say:
your internet address must be defined in the interface file "NET ETH0" etc.
For most newbies, I assume Shorewall is used as a firewall between a windows
machine (or machines) and the internet. It will do nothing more than "protect"
them and act as a MASQ (proxy) for the local network.
In shorewall's out the box form, it does just that. I only see three main steps
for a newbie:
define the net interface.
define the local interface.
define the interface to be MASQed.
It's only when you start mangling that you get into trouble ("but I want to run
a mail/web/game/??? server"). At that point I think you owe it to yourself to
learn what the rules you are creating really mean (unless you like being hacked
and becoming a spam relay, warez server, etc.).
OK, so maybe we need a better "newbie" document - say "Shorewall in 10 minutes
or less", but I don't see the advantage to having new users learn how to use
Shorewall twice. It wasn't fun.