> > I also meant the packaging of the tools. Part of Debian Policy states
> > that some packages should conflict with other packages.
>
> Yes, where the packages cannot coexist correctly.
>
> > I think that, for example, guarddog should conflict with shorewall
> > firewall. I think that only one should be in place at a time.
>
> Well, that's nice, but /why/ should there only be one in place?

If each package modifies rc.firewall, then I guess it doesn't matter. But I don't think they do. I also don't know where they insert themselves in the startup sequence.

This is the problem that I've had in particular: I've got two different firewalls in place, at two different points in my start up, so I think that one works, but then another is actually doing the firewalling. Then, on top of that, I've got PPPoE (which is also a Debian package), which does its own thing to the firewall/ipchains to enable forwarding to the other (private) hosts on my network. I had to go and hunt down why the firewalling wasn't working the way that I thought it was because of this.

This is ultimately what I'm looking at as a problem. It's the last firewall script that is run that determines what the rules are. There should be some Debian policy about that.

Russell

> > When I do apt-get install guarddog, and I've already got shorewall,
> > that I'll get a very specific warning message that I'm playing with
> > firewalls (heh), that this is a security issue, be careful, do I
> > really want to do this, etc.,
>
> That isn't going to stop people cutting themselves if they play with
> knives. Having two knives in the drawer is no more dangerous than one...
>
> > and that by choosing to install one, I'll be removing the other one,
> > or no, you can't do this right now, you have to separately choose to
> > remove shorewall first. That's what I meant. :-)
>
> That's still a really bad idea. There is no conflict, either conceptual
> or technical, why two firewalling packages cannot coexist.
>
> > I didn't mean to be clear as mud earlier.
>
> I think that your intention was clear. Your reasoning, OTOH, isn't.
>
> Daniel

--
Linux -- the OS for the Renaissance Man

