Hi,
Florin wrote:
| Hello,
|
| Let's not mix msec and shorewall, shall we ?
Yes, we have to. Shorewall's defaults in /etc/shorewall/policy should be dependent on msec settings, i.e. on "standard" level it sets up a policy as Buchan proposed, the higher levels may set even more restrictive policies. That was my point.
| If you want to allow everything from your own private computer, (firewall
| or the computer on your private lan) simply change the policy, this can be
| done in one line ... So I don't understand the point of this discussion ...
Well, the point is simple. If you know what to do, you enable it back in a few seconds (accompanied by an expletive of choice), but if you are a newbie, you are pretty much screwed, because the "internet does not work" and you do not know that you have to change the defaults of the firewall to something sane. What is even worse, there is no way to find out, since you are unable to get on-line.
Just see how many bugs like this were entered into Bugzilla in the past.
Then people are bitching about how broken and bad shorewall is. It is not, I like it a lot, because it is simple and pretty flexible, but the defaults are wrong.
Regards,
Jan
--
Jan Ciger
VRlab EPFL Switzerland
GPG public key : http://www.keyserver.net/
