* Gabriel Gunderson <[EMAIL PROTECTED]> [2004-04-07 11:22:11 -0600]: > On Wed, 2004-04-07 at 10:01, Andrew Jorgensen wrote: > > On Tue, 2004-04-06 at 17:37, Gabriel Gunderson wrote: > > > You'll never find anything that does it better than writing a script by > > > hand... > > > > When it comes to something security-related this is so very wrong. ... > > ... > > WHAT? I don't know what you're smoking. ... > [flames, good points]
I've set up iptables and ipfilter packet filters. Maybe I just have an ignorantly high estimation of my own skillz and knowledge, but I'm not sure I see how much more value these packages add, besides saving the user time spent learning how to put together a firewall. For some people, that time saved makes the canned product well worth using of itself. I'm not disputing that. I would just like to know what the improvement in _quality_ is when I stop using my handwritten rules and start using (say) shorewall. What sayst thou, Andrew? In his recent post Soren pointed out that many basic Aunt Tillie users don't even know enough to ask the right questions regarding computer setup. They definitely need a firewall if they are going to be dialed into the Internet for e-mail, or worse yet, if they have a cable connection, because they are liable to run <insert insecure, unpatched OS>. For this class of users we need to mix the ease of use that Mandrake aims for with the security of OpenBSD! But before we get this kind of an ideal, it seems to me that firewall packages are much better than nothing, especially if installed with the (unlikely) awareness that a canned solution has disadvantages as well as advantages. -- Arlie Capps CS student at BYU
pgp00000.pgp
Description: PGP signature
____________________ BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
