Hey,

Shorewall to me is the work of one dedicated person (And a few of us who give our experiences to improve the product) .. Trust me .. You can buy a firewall (20k or more with no support ) ... or spend the time to understand IpTables ... I choose the latter .. Shorewall to me is a way of understanding and learning IPTables etc .. I could of course ask for more features (GUI, Wizards, IPTables imprinted in my brain etc) ... but how is that gonna help me understand what's going on ??? How is that gonna help me explain to my partners attacks on my network. I would rather speak from a point of really knowing what's going on with attacks than think that with my GUI, Wizards or etc that I am safe .. I would rather not say the sky is falling when it's not .. I would rather only deal with real attacks .. I (And This is me) would rather know from truly knowing what's going on than find a way to make it pretty or easy .. Tom .. Thank you for taking away some of the onerous writing of rules .. Thank you for putting it all in one Package .. And Most Importantly .. Thank you for never ever letting it get too easy ... Nothing good or right is easy folks ..

Two Or Three Cents Worth,

Francesca C Smith
Lady Linux Internet Services
On Fri, 17 May 2002, Francesca C Smith wrote:

> Hey,
>
> Shorewall to me is the work of one dedicated person (And a few of us who
> give our experiences to improve the product) .. Trust me .. You can buy a
> firewall (20k or more with no support ) ... or spend the time to understand
> IpTables ... I choose the latter .. Shorewall to me is a way of
> understanding and learning IPTables etc .. I could of course ask for more
> features (GUI, Wizards, IPTables imprinted in my brain etc) ... but how is
> that gonna help me understand what's going on ??? How is that gonna help me
> explain to my partners attacks on my network. I would rather speak from a
> point of really knowing what's going on with attacks than think that with my
> GUI, Wizards or etc that I am safe .. I would rather not say the sky is
> falling when it's not .. I would rather only deal with real attacks .. I (And
> This is me) would rather know from truly knowing what's going on than find a
> way to make it pretty or easy .. Tom .. Thank you for taking away some of
> the onerous writing of rules .. Thank you for putting it all in one Package
> .. And Most Importantly .. Thank you for never ever letting it get too easy
> ... Nothing good or right is easy folks ..
>
> Two Or Three Cents Worth,
>

Thanks, Francesca

During my career, I've always tried to

a) Understand a problem
b) Abstract the problem
c) Build a tool based on the abstraction that makes it a little easier to solve the problem.

Shorewall is just another example -- I built Shorewall for my own use because it makes my job easier and then I decided to share the result. As you point out most eloquently, a tool is never a substitute for understanding.
Nevertheless, because I'm one person working in isolation I can produce a product that uses inconsistent terminology and that is hard for newbies to understand (hell, large companies manage to do that all the time :-) So I appreciate all of the feedback that I get (both positive and negative)

Thanks,
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
On Fri, 17 May 2002, Francesca C Smith wrote:

> Hey,
>
> Shorewall to me is the work of one dedicated person (And a few of us who
> give our experiences to improve the product) .. Trust me .. You can buy a
> firewall (20k or more with no support ) ... or spend the time to understand
> IpTables ... I choose the latter .. Shorewall to me is a way of
> understanding and learning IPTables etc .. I could of course ask for more
> features (GUI, Wizards, IPTables imprinted in my brain etc) ... but how is
> that gonna help me understand what's going on ??? How is that gonna help me

Well, using Shorewall will not necessarily teach you about iptables. If you really want to know what's going on you SHOULD take the time to learn iptables and build your firewall by hand.

That being said, I for one, don't have enough time in the rest of my life to learn everything about every aspect of system. I run the computers to serve my business needs, not JUST to run an OS. Therefore, I am quite happy to have a product like Shorewall do the work for me just as I am quite happy to write in a high level language and willingly forget the hundreds of hours I spent coding in Assembler.

Software, especially in the Linux world, is layers upon layers upon layers. (Big fleas have little fleas upon their backs to byte 'em. Little fleas have lesser fleas, and so on infinitum.) Knowing Iptables still leaves you in the dark about what precisely is going on in the kernel in response to these tables. At some point you have to pick your level of abstraction and trust that the tool makers know their stuff.