Gentoo Archives: gentoo-dev

From: Michael M Nazaroff <naz@×××××××××××××××××.et>
To: gentoo-dev@××××××××××.org
Subject: Re: [gentoo-dev] NAT iptables info
Date: Wed, 03 Oct 2001 13:45:02
In Reply to: [gentoo-dev] NAT iptables info by Donny Davies
On Wednesday 03 October 2001 12:34 pm, you wrote:
Just to let everyone know I completely agree with Donny on this... Gentoo
should be a powerhouse, not dumbed down.

> Nope. Sorry. I'm not in agreement in this at all. Of course, it's open to
> debate, I'm not saying I know everything, nor I'm 100% right. Go ahead,
> debate away. But I don't want any part of it, I'll tell you that!
>
> If you don't understand the ramifications of packet filtering, NAT, etc
> then you have *no* business running this software. We are not Microsoft or
> Wingate, opening your machine to a wider world.
>
> What if somebody's iptables script is made into an ebuild, and said script
> turns out to be flawed, perhaps seriously? Then it's "hey, yeah those guys
> at gentoo have a firewall setup like swiss cheese.". What interfaces are
> you going to configure this ebuild for? eth0 and eth1? how about ppp? maybe
> an isdn interface? How do you choose? I'm going to say this again, it is
> 100% configuration. This is *not* the domain of a package. It is the domain
> of a system administrator. This is 1 file we're talking about here people,
> not a series of docs, scripts, config files. *most* of them anyway. There
> *are* some that come with external configs. But that's all beside the point.
> The script needs to be edited. This whole thing started because we
> basically had a post to the devel list of the flavour: "I need an iptables
> HOWTO".
>
> What are you going to do about the kernel modules? Did you know that
> the netfilter modules are built at the kernel level? How are you going to
> DEPEND on that?
>
> This is bad policy. A distribution should *not* be dictating *policy*. To
> not understand that is a big mistake. Listen, Redhat and Mandrake are
> the kinds of distros doing this stuff! Making Linux into a 1-click affair.
> This is not our primary intention. Not at this stage anyway!
>
> So feel free to debate it all you want, I won't be having *any* part in it
> I'll tell you that!
>
> Cheers!


