On Sunday 19 September 2004 10:00, Paul G Rogers wrote: > >From: Tom Eastep <[EMAIL PROTECTED]> > >I concluded that it was better to force users to deal with "real" > >Shorewall configuration from the outset. > > Tom, I agree with that, but if parameterization simplifies initial > installation of the default Shorewall, that would be worthwhile. I > suppose anybody who knows they need customized tables won't have any > problems with the paradigm shift. You're still providing a simpler way > for the average user to get his LEAF firewall functioning.
If you would like to resurrect and support the old files, you are welcome to. They are totally separate from Shorewall and rely on Shorewall's ability to expand shell variables. Just be sure to document fully that if a user wants to do something that the fill-in-the-blank files don't support then it is necessary to essentially start over. > > The bottom line is if users want/need a firewall, they will use one they > can use. If LEAF developers insist the user has to know his/her way > around a dozen *nix configuration files, then those are the only users > who will gravitate to LEAF. That's by far a minority of all the users > who want/need a firewall like LEAF. It's not enough to provide the > documentation, for a first time user the documentation itself can be > daunting--it's written by the experts! Speaking only for myself, I have never targeted Shorewall at first-time newbies; I think it is an overkill for what most of those folks need. I have tried to provide sufficient documentation that those who want to learn more can do so. > > > >Any ideas how to make installation/configuration easier? > > Firewall users are not so likely to be Linux users. Most Linux distros > come with installable/installed firewalls, and workstations can be made > fairly secure in themselves. A LEAF installation tool should either run > with whatever OS the user has and is seeking to protect, i.e. most likely > Windows, or it should include its own OS. Do the developers want to > develop a Windows-based customization tool? Now, one of LEAF's > attractions is running from a floppy, but even with a 1680KB floppy > there's little room left. So if developers choose this route the initial > download would likely be two diskettes, one for the customization tool > and some packages, and one for the common code base to be customized. > Certainly both are do-able, but trying to develop a useful customization > tool isn't easy. Do you really think that diskettes should be part of any "new" solution? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
pgpSsSUs9Zq0H.pgp
Description: signature
