On Sunday 06 January 2002 10:15 pm, Scott C. Best wrote: > > Hope that answers your question! I'd be interested in > hearing what the other package providers think about the > "target user" thing. >
Neither Seawall nor Shorewall are specifically targeted at LEAF/LRP users since both run on most Linux distributions. Seawall grew without any firm ideas about what it should (and should not) be. I built the original Seawall scripts because I needed a firewall for my own home office and made them available to others who had similar requirements. At its core, Seawall is a masquerading gateway and it works poorly (or not at all) if you try to make it do something different. If I had to define a target user for Seawall today, it would be a beginning to intermediate Linux user with a single (static or dynamic) network IP address and who for one reason or another, cannot move to a 2.4 kernel. With Shorewall (which only runs on 2.4 kernels), I have attempted to provide a very flexible firewall framework at the expense of making it more difficult for newbies to use. This approach was prompted by my frustration about all of the things that Seawall can't do well. With Shorewall, I really don't have a target user in mind -- I've tried to make it handle all of the various (reasonable) requirements that I've seen since getting involved with firewalls. To address the needs of the newbie, I have recently added parameterized sample configurations for one-, two- and three-interface setups. With these, the user replaces some of the Shorewall configuration files with files from the appropriate sample then edits /etc/shorewall/params to match their configuration. This makes it simple to set up simple configurations and follows the design principle that "it must be simple to do simple things". I think that the idea of having a generalized firewall engine with add-ons that provide different classes of users with different levels of abstraction is a good one. It allows the advanced user to use the engine directly while hiding the details from those users who don't need or want to know them. The next step along this path is a Shorewall GUI that I'm currently working on. -Tom -- Tom Eastep \ A Firewall for Linux 2.4.* AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ [EMAIL PROTECTED] ------------------------------------------- _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
