James wrote:
 > OK, whatever this means....

Sorry to offend, but I did not like having Shorewall or anything
else shoved down my throat. The title of the email was
and is 'iptables example on Gentoo'. It's a shame we had to get so
heated before folks actually started talking about iptables/netfilter,
and not some intermediary....

I think it's fairly rational for people to answer "I use Shorewall to create my iptables rules" in response to your original question. While not the answer you might have been looking for, it does answer the question. And frankly I can do without the bad ol' days of writing my own ipchains rules... what a mess that was. I suspect most people who answered you feel the same way and would rather spend their time doing other things. In my case I have a set of firewalls I never touch and forty-odd web servers. I believe my time is better spent letting a well-respected program set up my firewall rather than mucking about myself. Much like I let Gentoo build packages for me rather than do my own source installs.

To bring things full circle I *actually* had a chat with my motorcycle mechanic last week about carbs. I buy parts from him a little above market plus a six pack and he tells me how to install it or what to watch out for thus saving me $75/hour. This week I mentioned some overly complicated work I was planning that he suggested might not be in my engine's best interest. A point he punctuated after lecturing me 15 minutes for even mentioning the hard method by throwing 20lbs of broken carbs across the garage in my general direction. I think you got off easy in comparison. :-)

The moral of the stories is two part:
Sometimes the easy way is actually the best way;
You can do it the hard way, but don't expect people to help.

However, feel free to get your hands dirty in iptables; you may enjoy it and find it useful, especially if you're a full-time security guy. I've been there and have neither the interest nor time to do something by hand with decent tools available.

kashani, who found Fortran 77 a vast relief after Assembler for the IBM Mini Computer.
--
gentoo-user@gentoo.org mailing list
