Because I think it fits: http://noobfarm.org/viewquote.php?id=1667
|
Quote:
Quote:
However, I agree IPtables is not the easiest thing to deal with, when you want to learn to control the firewall. Many people -- and not only noob -- seem to dream to an OpenBSD's pf Linux clone (and indeed nftables was taking that way). Maybe include shorewall or this kind of thing could help to fix this... |
Quote:
|
Shorewall from the last times I've tried to use it takes a lot of configuration time to setup, configure, reconfigure several times, hoping you get it right. A script to configure Shorewall would be a real undertaking though, but would make the process easier to setup everything and the fact that Shorewall6 supports IPv6 would be a good addition as well.
Perhaps a small compromise... Could an offline form of AlienBOB's webpage for setting up the IPTables firewall be included on the DVD in /extra? |
What about firewall builder, it looks reasonably easy to use:
http://www.fwbuilder.org/ You can use it to generate scripts in a similar but more GUI way. It is GPL'd by the way, just in case you think the site looks proprietary. http://www.youtube.com/watch?v=Q5GPrkwyGxw |
FwBuilder might be too advanced for some users. It might be best to want a firewall that anyone can use and can be setup with a script generation tool that doesn't require advanced level and knowledge of firewalls, IP addressing, and such tasks.
Shorewall seems better because it's just non-architectural scripts that require an editor or script generator. AlienBOB's EFG fits this because it more or less the same thing, but just uses a webpage based script generation tool to create the rc.firewall script to load modules for the kernel and setup addressing schemes, ports, etc. However, regardless which would ever be useful, you want something for everybody of any skill level and it has to be optional to setup. |
Quote:
|
Choose your answer :
A.ONLY a blank rc.firewall. B.ONLY rc.firewall with very basic script. C.Installer option + blank rc.firewall D.Installer option + very basic firewall E.Installer option + generator scripts included F.All the anwers wrong. (Only BDFL can choose this ) :D Maybe the easy route just make rc.firewall exist. The user will enable this features if he want it (just change it to 755).The problem is the content of rc.firewall it self. Every user have different agenda, so the content should be a basic one. |
Quote:
Plus I did leave the option out to discuss including an offline webpage on the installation disk for EFG, possibly in /extra. The decision to remove Gnome was big but then find out we have to rely on some of it's libraries and find out we need to add some back in to support packages using them as dependencies. Yet many seem to think adding Gnome libraries back in for dependencies is the end of the world. It's just dependencies and while Slackware is growing all the time, it's evolving all the time as well. We knew eventually it wasn't going to be an OS limited to just 1 CD-ROM disk or even now 1 DVD-ROM disk. With time all things change to some extent. However, as anything goes, it's just discussion, ideas being tossed back and forth, conversion, and even some debate. Better to be a ripple in a pond than a wave in the ocean. |
Quote:
I like the sample and warning from FreeBSD related to firewall : http://www.freebsd.org/doc/en_US.ISO...alls-ipfw.html Quote:
|
Posting from my phone:
I would suggest that if a firewall was ever included that even at the bsic configuration that it's a stateful packet inspection firewall rather than a stateless firewall. However there could be an option to have a generic rc.firewall script setup as such for a stateful packet inspection and filtering scheme for dynamic addresses already in the /etc/rc.d directory and all the end user has to do is run chmod +x against it from root to enable it. |
We have /usr/share/mkinitrd/mkinitrd_command_generator.sh with no option in installer to use it.
As for me /usr/share/iptables/firewall_generator.sh placed in iptables package and mentioned in documentation (CHANGES_AND_HINTS.TXT) with no option in installer seems the best solution. |
Quote:
|
Cool.
|
+1 for the firewall config script in the installer, although it should be "skippable"
Scripts that automate system configuration (like liloconfig or mkinitrd_command_generator.sh) are already present in Slackware, so I don't think making things easier goes against the distro's philosophy. |
All times are GMT -5. The time now is 06:47 PM. |