[Shorewall-devel] Sample Files Improvement

Paul Gear paul at gear.dyndns.org
Fri May 27 20:13:55 PDT 2005


Tom Eastep wrote:
> ...
> Yes -- we tried that and *it was a disaster*. It allows people to get their
> first firewall up a LITTLE bit easier *without knowing one damed thing*
> about Shorewall. Then the first time that they wanted to do something that
> wasn't covered by a shell variable in /etc/shorewall/parms there was a
> complete paradigm shift and they had to learn what Shorewall is really about.
> 
> It was a support nightmare.
> 
> It is *much better* to make newbies learn the basics of Shorewall from the
> beginning. As I say on the Shorewall home page, if you are looking for a
> point-and-click set-and-forget firewall, SHOREWALL ISN'T FOR YOU.
> 
> Please don't make this change -- you will regret it.

I remember when that happened.  It wasn't pretty.  Making people learn
the importance of zones & policies is "the right thing" (tm).  :-)

-- 
Paul
<http://paulgear.webhop.net>
--
Did you know?  Using accepted quoting conventions makes
your email easier to understand.  Learn how at
<http://www.netmeister.org/news/learn2quote.html>.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://lists.shorewall.net/pipermail/shorewall-devel/attachments/20050528/1739cd09/signature.bin


More information about the Shorewall-devel mailing list