2005/5/27, Paul Gear <paul@gear.dyndns.org>:
>
> I think a champion for the samples is just what we need right now. Tom
> carried so much of shorewall completely on his own, but we can't afford
> to do that. We need each person to take responsibility in one
> particular area, and then get in and *do* it. The samples are there in
> CVS now (http://cvs.sourceforge.net/viewcvs.py/shorewall/Samples/), so
> you can start hacking on them right now if you choose, and send patches
> to this list.

I'm already "hacking" the Samples.

what's the change??

well.. I'm proposing a "centralized" "config file"
/etc/shorewall/params where all the interfaces options and basic stuff
are defined using Shell variables with commented instructions.

but probably somebody has a good reason to NOT do this change..

any comments?

Cristian Rodriguez wrote:
> I'm already "hacking" the Samples.
>
> what's the change??
>
> well.. I'm proposing a "centralized" "config file"
> /etc/shorewall/params where all the interfaces options and basic stuff
> are defined using Shell variables with commented instructions.
>
> but probably somebody has a good reason to NOT do this change..
>
> any comments?

Yes -- we tried that and *it was a disaster*. It allows people to get their
first firewall up a LITTLE bit easier *without knowing one damned thing*
about Shorewall. Then the first time that they wanted to do something that
wasn't covered by a shell variable in /etc/shorewall/parms there was a
complete paradigm shift and they had to learn what Shorewall is really about.

It was a support nightmare.

It is *much better* to make newbies learn the basics of Shorewall from the
beginning. As I say on the Shorewall home page, if you are looking for a
point-and-click set-and-forget firewall, SHOREWALL ISN'T FOR YOU.

Please don't make this change -- you will regret it.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> ...
> Yes -- we tried that and *it was a disaster*. It allows people to get their
> first firewall up a LITTLE bit easier *without knowing one damned thing*
> about Shorewall. Then the first time that they wanted to do something that
> wasn't covered by a shell variable in /etc/shorewall/parms there was a
> complete paradigm shift and they had to learn what Shorewall is really about.
>
> It was a support nightmare.
>
> It is *much better* to make newbies learn the basics of Shorewall from the
> beginning. As I say on the Shorewall home page, if you are looking for a
> point-and-click set-and-forget firewall, SHOREWALL ISN'T FOR YOU.
>
> Please don't make this change -- you will regret it.

I remember when that happened. It wasn't pretty. Making people learn
the importance of zones & policies is "the right thing" (tm). :-)

--
Paul
<http://paulgear.webhop.net>
--
Did you know? Using accepted quoting conventions makes your email
easier to understand. Learn how at
<http://www.netmeister.org/news/learn2quote.html>.