On Sat, 7 Mar 1998, Christoph Lameter wrote: > I have the impression not only that the list is not giving information but > that it is misleading to people not knowing about firewalls. And the > packages needed to build a debian firewall are already in place. I have > severe doubts about the direction this thing is going and I have been > using Debian for firewalls from the beginning. Some packages related to > firewalling in Debian have been released by me.
Sorry, but this sounds like: here are the bricks, please build the house yourself. I run my first Linux based firewall in June 1994. Since then I installed dozens of firewalls, Linux based and commerciall firewalls. I really know about what I'm talking. We need the packages. But we need also some other things besides the packages and a full featured Debian system. In the same sense that user friedly setup tools are needed, in the same sense we need an easy to setup firewall system. In this same sense Debian also needs an easy to setup system for office use, and also an easy to configure system for a non Linux/UNIX specialist. Please don't expect that every user has the knowledge to - select the appropriate packeges for a firewall - and to configure them. I also don't like to do always the same repeating tasks for every firewall installation. I want some of the tasks automated, I want to give parts of a firewall management to less knowledgable admistrators (like user management for proxies). I also want an autitable system, preferably a automatic auditing of the system setup against a formal description of the security policy. The today best selling commercial firewall attracts with a graphical user interface. As a purist I don't like it, but this type of user interfaces are expected from the users. A firewall system without a colourfull windows interface could not be a good firewall, it could be to complicated to setup it and to manage it. So the mind of decission makers in the industry. Besides the now (sometimes chaotical ;-) running discussion on debian-firewall I expect some positive results from this list. This is the first wide run discussion plattform about the _construction_ of a system of this type. Hubert ------------------------------------------------------------------------------ Hubert Weikert DB1MQ Member of DARC (www.darc.de) and FITUG (www.fitug.de) Email: [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.cube.net/~weikert/ Book: Kryptographie mit dem Computer (PGP Praxis) ISBN 3-7905-1503-5 DM 19,80 Key = 21978C61 fingerprint = 99 38 A5 83 C8 76 F4 E1 A7 9C B9 70 9A A7 70 10 -- E-mail the word "unsubscribe" to [EMAIL PROTECTED] TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble? E-mail to [EMAIL PROTECTED] .
