Shorewall devel - May 2005 - What is going on now?

Hi,

I read the news about Tom Steps quit. I use shorewall for some days now
and as many people I ike it very much. I asked Tom in a personal mail,
what could be done to continue the project and he told me I had to
subscribe to this list.

My ideas where:

a) Mirroring the site
b) I would like to study the code and help
c) I am studying computer science and I could ask some teachers and
friends there, if they would like to participiate to the project. We use
shorewall there at our main routers.

What I can do:
I started learning AWK, yesterday night.
I can script some pieces of bash.
I have some ideas on iptables. I started a project adminutility.sf.net
(Something similar to shorewall - don?t look at it ;-) ) some years ago,
but after I found shorewall, the fial release never left CVS.

So I really would like to know, if this very great project will continue.

Thanks in advance

Christian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url :
http://lists.shorewall.net/pipermail/shorewall-devel/attachments/20050523/e45b785b/signature.bin

Sorry for misspelling the name. I meant Tom Eastep.

Christian Roessner schrieb:
> Hi,
> 
> I read the news about Tom Steps quit. I use shorewall for some days now
> and as many people I ike it very much. I asked Tom in a personal mail,
> what could be done to continue the project and he told me I had to
> subscribe to this list.
> 
> My ideas where:
> 
> a) Mirroring the site
> b) I would like to study the code and help
> c) I am studying computer science and I could ask some teachers and
> friends there, if they would like to participiate to the project. We use
> shorewall there at our main routers.
> 
> What I can do:
> I started learning AWK, yesterday night.
> I can script some pieces of bash.
> I have some ideas on iptables. I started a project adminutility.sf.net
> (Something similar to shorewall - don?t look at it ;-) ) some years ago,
> but after I found shorewall, the fial release never left CVS.
> 
> So I really would like to know, if this very great project will continue.
> 
> Thanks in advance
> 
> Christian
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Shorewall-devel mailing list
> Shorewall-devel@lists.shorewall.net
> https://lists.shorewall.net/mailman/listinfo/shorewall-devel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url :
http://lists.shorewall.net/pipermail/shorewall-devel/attachments/20050523/4d83df9e/signature.bin

Christian Roessner wrote:
> 
> So I really would like to know, if this very great project will continue.
> 
I think that one of the first priorities for the team should be to try
to attract someone to the team that has strong iptables/netfilter
knowledge. So far, of the people who have volunteered to help, it seems
that iptables/netfilter knowledge (and interest) is missing.

You might consider recruiting on the Netfilter and Netfilter development
lists.

Lack of this knowledge is going to be a handicap going forward.

As a case in point, there is a current thread on the User''s List where
the poster asks:
------------------------------------------------------------------------
I have this rule:

iptables  -A POSTROUTING -t nat -s 10.8.0.0/16 -j SNAT --to-source
$SOURCEIP

how do I integrate that into Shorewall?
------------------------------------------------------------------------

So far, attempts to help this person have been unsuccessful because it
seems that the well-meaning people attempting to help don''t understand
what that rule does.

The rule is a basic SNAT rule which is generated by an entry in the masq
file.

e.g., in /etc/shorewall/masq:

#INTERFACE        SUBNET           ADDRESS
<external if>     10.8.0.0/16	   $SOURCEIP

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> 
> So far, attempts to help this person have been unsuccessful because it
> seems that the well-meaning people attempting to help don''t
understand
> what that rule does.
> 
Damn -- I opened my mouth too soon -- Jerry just answered correctly :-)

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

On Mon, 2005-05-23 at 10:17, Tom Eastep wrote:
> Tom Eastep wrote:
> > So far, attempts to help this person have been unsuccessful because it
> > seems that the well-meaning people attempting to help don''t
understand
> > what that rule does.
> 
> Damn -- I opened my mouth too soon -- Jerry just answered correctly :-)
Tom,
This is a good thing, and exactly as it should be. Most of the time
people will fill in the holes. :-)

-- 
Mike Noyes <mhnoyes at users.sourceforge.net>
http://sourceforge.net/users/mhnoyes/
SF.net Projects: leaf, phpwebsite, phpwebsite-comm, sitedocs

> On Mon, 2005-05-23 at 10:17, Tom Eastep wrote:
> > Tom Eastep wrote:
> > > So far, attempts to help this person have been unsuccessful
because it
> > > seems that the well-meaning people attempting to help
don''t
understand
> > > what that rule does.
> >
> > Damn -- I opened my mouth too soon -- Jerry just answered
correctly :-)
>
> Tom,
> This is a good thing, and exactly as it should be. Most of the time
> people will fill in the holes. :-)
>
> --
"Most" of the time I have the correct answer, create a reply, but
before I send it,
I check to see if someone else replied, and guess what, Tom already
responded....
Into /dev/null goes that reply.
Tom, you have always responded too quickly, IMHO, (usually less that
an hour)
guess I''ll get my chance now... :-)

Jerry

Jerry Vonau wrote:
> guess I''ll get my chance now... :-)
You will indeed, Jerry

Thanks,
-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

I hope the efforts of people like Jerry give you the confidence to step 
back to a last resort level of support instead of just stopping Shorewall 
support.

It is tool late for lunch today.  Wednesday is bad for me.  When would 
you like to get together for lunch?

Cheers!

-- 
Steve Herber	herber@thing.com		work: 206-221-7262
Security Engineer, UW Medicine, IT Services	home: 425-454-2399

On Mon, 23 May 2005, Tom Eastep wrote:
> Tom Eastep wrote:
> 
> > 
> > So far, attempts to help this person have been unsuccessful because it
> > seems that the well-meaning people attempting to help don''t
understand
> > what that rule does.
> > 
> 
> Damn -- I opened my mouth too soon -- Jerry just answered correctly :-)
> 
> -Tom
>

Steve Herber wrote:
> It is tool late for lunch today.  Wednesday is bad for me.  When would 
> you like to get together for lunch?
How about Friday?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

>
> "Most" of the time I have the correct answer, create a reply, but
> before I send it,
> I check to see if someone else replied, and guess what, Tom already
> responded....
> Into /dev/null goes that reply.
> Tom, you have always responded too quickly, IMHO, (usually less that
> an hour)
I posted a statement like this a couple of month ago too. So Jerry, I fully 
agree.

And Tom, last weekend when I tested the Multi ISP support with you, I told you 
that I think that the documentation should be improved and that I want to 
write it for you. Before I started to think what to write you already fixed 
it... Impossible to help you like this :-)


Alex

My Question is the following, I could be wrong but it seems to me that tom 
doesn''t really want to leave shorewall but has come to a point where he
feels there is no other choice. My idea which is just that is the following.

- Tom should never have to answer a support question directly.
- Support group is the community as a whole.
- Tom should if he wants to is developement only and be part of the devel 
list only.
- Developers that lurk on main support list can always discuss weird issues 
among developers and possibly offer a solution." Just not tom
;)...kidding."
- Plain and simple Tom should focus on developement and not on the
doc''s and
support of questions like how can i snat, especially when online 
documentation requires only a simple copy an paste of a rule set to get 
working.
- If people are not ok with this then too bad. Better a small project with 
fewer release cycle than a large project full of holes.

What im trying to say is, if this was a company nobody would be going to the 
lead developer to ask how to reboot a PC, and open source community should 
not expect a lead developer to contribute to such questions.

Tom I started a project a while back and after being stressed beyond what 
seemed normal i gave it up, 4 years later i sometimes wish i kept some 
control over it. But this is just my 2 cents in a world rulled by dollars.

------
World Community Grid
Where all my unused computer time goes
http://www.worldcommunitygrid.org/team/viewTeamInfo.do?teamId=9FL4CP1TN1
----- Original Message ----- 
From: "Tom Eastep" <teastep@shorewall.net>
To: "Shorewall Development Mailing List" 
<shorewall-devel@lists.shorewall.net>
Sent: Monday, May 23, 2005 3:07 PM
Subject: Re: [Shorewall-devel] What is going on now?

> Steve Herber wrote:
>
>> It is tool late for lunch today.  Wednesday is bad for me.  When would
>> you like to get together for lunch?
>
> How about Friday?
>
> -Tom
> -- 
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
> PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
> _______________________________________________
> Shorewall-devel mailing list
> Shorewall-devel@lists.shorewall.net
> https://lists.shorewall.net/mailman/listinfo/shorewall-devel
>

Nick Sklav wrote:
> My Question is the following, I could be wrong but it seems to me that
> tom doesn''t really want to leave shorewall but has come to a point
where
> he feels there is no other choice.
Nick,

I may very well come back to Shorewall at some point. My wife (who knows
me pretty well given that we''ve been together for 36 years) thinks
I''ll
be back within six months. I personally don''t know what will happen;
but
I feel like I have to get totally away from it for a while.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Jerry Vonau wrote:
> ...
> "Most" of the time I have the correct answer, create a reply, but
> before I send it,
> I check to see if someone else replied, and guess what, Tom already
> responded....
> Into /dev/null goes that reply.
> Tom, you have always responded too quickly, IMHO, (usually less that
> an hour)
> guess I''ll get my chance now... :-)
Tom''s Achilles heel.  Not only responding quickly, but to nearly
*every*
thread as well...

We love you, Tom, but you''re bloody obsessive.  :-)

-- 
Paul
<http://paulgear.webhop.net>
--
Did you know?  Microsoft Internet Explorer and Outlook have a poor track
record for security <http://www.kb.cert.org/vuls/id/713878>.  Why not
try one of the more secure alternatives from <http://mozilla.org>?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url :
http://lists.shorewall.net/pipermail/shorewall-devel/attachments/20050524/547150a9/signature.bin

Tom Eastep wrote:
> Nick Sklav wrote:
> 
>>My Question is the following, I could be wrong but it seems to me that
>>tom doesn''t really want to leave shorewall but has come to a
point where
>>he feels there is no other choice.
> 
> 
> Nick,
> 
> I may very well come back to Shorewall at some point. My wife (who knows
> me pretty well given that we''ve been together for 36 years) thinks
I''ll
> be back within six months. I personally don''t know what will
happen; but
> I feel like I have to get totally away from it for a while.
Go for it, man.  Have a rest...

-- 
Paul
<http://paulgear.webhop.net>
--
Did you know?  Using Microsoft Internet Explorer can make your computer
less secure.  Find out more at <http://browsehappy.com>.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url :
http://lists.shorewall.net/pipermail/shorewall-devel/attachments/20050524/5ebe0f98/signature.bin

Everyone:

I forgot to address the original post to Tom directly.  Do you really care
about lunch?  Well, you might, so if you want to get together for lunch this
Friday, contact me for details.  Lunch will be somewhere in the Seattle
area, in the Northgate to Shoreline region.

Tom:

Friday is good for me.  I have a meeting that ends at noon so 12:30 would be
a good time.  Which end of town is best for you?

Cheers!

-- 
Steve Herber	herber@thing.com		work: 206-221-7262
Security Engineer, UW Medicine, IT Services	home: 425-454-2399

On Mon, 23 May 2005, Tom Eastep wrote:
> Steve Herber wrote:
> 
> > It is tool late for lunch today.  Wednesday is bad for me.  When would
> > you like to get together for lunch?
> 
> How about Friday?
> 
> -Tom
>

2005/5/23, Tom Eastep <teastep@shorewall.net>:
> I may very well come back to Shorewall at some point. My wife (who knows
> me pretty well given that we''ve been together for 36 years) thinks
I''ll
> be back within six months. I personally don''t know what will
happen; but
> I feel like I have to get totally away from it for a while.
> 
> -Tom
go..take a rest,you deserve it,we ''ll try to keep this proyect running.

Paul Gear wrote:
> 
> We love you, Tom, but you''re bloody obsessive.  :-)
> 
As I just wrote to Alex Wilms via IM, I said in my resignation post that
"...in the long term, trying to support a project like Shorewall is
impossible for a person *of my personality* and age". I fully admit that
I''m obsessive about Shorewall; that''s the heart of the
problem.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

On Monday 23 May 2005 22:13, Tom Eastep wrote:
> My wife (who knows me pretty well given that we''ve been together
for 36
> years) thinks I''ll be back within six months. I personally
don''t know what
> will happen; but I feel like I have to get totally away from it for a
while.
I think we all will miss your development skills on shorewall but we do 
understand that you need at least some timeout. Enjoy it and use it!

I use shorewall on two personal firewall systems and on two firewall systems 
in the company I work for besides my university studies. Thank you for the 
wonderful shorewall product!


Alex