On Mon, 15 Apr 2002, Saso Virag wrote: > >Yes, but you can't rip everything out if you expect to run a commercial > >firewall's GUI. > > Sure you can. It's a Good_Thing(sm).
Commercial GUIs want X... > > > Solaris wants rpcbind for the X font server for instance. > >Ripping listening sockets out of CDE *sucks* and is non-trivial. > > That's true, but people really _should_ know better than running Xserver > and *gasp* CDE X manager on the firewall box. Operative word being > *should*. :-) Commercial GUIs want X... > > >Compiling IPFilter gets to be unfun if you don't have a Sun compiler and > >you're running 64-bit (download the compiler, install it, yadda, yadda, > >yadda.) > > *Sigh* You're right. IPF on Solaris 7 or 8 can be a bit of a problem, > but many have found ways to obtain 64-bit IPF. Trusting other people's > packages[0] is yet another one of those things that people shouldn't do, > but still do it. It's still a major pain, and one *most* admins won't go through. > > The long and short of it is that manually it's at least a full day to > >patch and harden and assumes things that most sites that aren't big Solaris > >shops don't have (admin clue being #1.) > > Yes, but then again, people should invest at least a day in deploying > new pieces of software and hardware. And after you've done it once, > document it. Then rebuild whatever you're implementing according to the > document. Fix document where applicable and rebuild again. :-) > Of course they should, but they won't[0]. > P.S.: Thanks Mike and Paul for extremely amusing debate. Glad someone else enjoyed it too :) Paul [0] I think I have an answer to this, but I'm fighting to (a) get it finished and (b) See if I can release it to non-customers. ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions [EMAIL PROTECTED] which may have no basis whatsoever in fact." _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
