Gentoo Archives: gentoo-dev

From: Donny Davies <woodchip@g.o>
To: gentoo-dev@××××××××××.org
Subject: [gentoo-dev] NAT iptables info
Date: Wed, 03 Oct 2001 13:38:11

Nope. Sorry. I'm not in agreement in this at all. Of course, it's open to debate,
I'm not saying I know everything, nor that I'm 100% right. Go ahead, debate away.
But I don't want any part of it, I'll tell you that!

If you don't understand the ramifications of packet filtering, NAT, etc. then
you have *no* business running this software. We are not Microsoft or Wingate,
opening your machine to a wider world.

What if somebody's iptables script is made into an ebuild, and said script turns
out to be flawed, perhaps seriously? Then it's "hey, yeah those guys at gentoo
have a firewall setup like swiss cheese.". What interfaces are you going to
configure this ebuild for? eth0 and eth1? How about ppp? Maybe an isdn
interface? How do you choose? I'm going to say this again, it is 100%
configuration. This is *not* the domain of a package. It is the domain of
a system administrator. This is 1 file we're talking about here people, not
a series of docs, scripts, config files. *most* of them anyway. There *are*
some that come with external configs. But that's all beside the point. The
script needs to be edited. This whole thing started because we basically had
a post to the devel list of the flavour: "I need an iptables HOWTO".

What are you going to do about the kernel modules? Did you know that
the netfilter modules are built at the kernel level? How are you going to
DEPEND on that?

This is bad policy. A distribution should *not* be dictating *policy*. To
not understand that is a big mistake. Listen, Red Hat and Mandrake are
the kinds of distros doing this stuff! Making Linux into a 1-click affair.
This is not our primary intention. Not at this stage anyway!

So feel free to debate it all you want, I won't be having *any* part in it,
I'll tell you that!

Cheers!
--
Donny


