On 7/3/07, Gil Freund <[EMAIL PROTECTED]> wrote:
On 7/3/07, Vassilii Khachaturov <[EMAIL PROTECTED]> wrote:
> > Let me try explaining what is it that I find missing in Debian's
> > iptables setup:
> >
>
> If you have console access, it's a different thing. I agree that,
> perhaps, a mid or low priority debconf option to change it to auto-save
> every change would be reasonable, as long as it is not a default.
I don't think you will find a consensus on what the "correct" behavior
should be.

I, for one, see this as reasonable. Debian is a general purpose OS.
It's impossible to predict the actual usage and environment in which it
will be used.

Consider the following defaults:
Squid defaults to a restrictive mode by default (no access)
DHCPD will start automatically upon installation
CUPS web access is restricted to localhost
Exim is the default MTA
DHCP client will not send the hostname

While I find those annoying, I would not consider them bugs.

Because they aren't. Those are limitations by design, some due to
security considerations while others are purely because of popcon
statistics.

iptables on Debian OTOH is simply put "Plain Broken". It is not usable
for 99% of the use cases, which is why I think action should be taken.

Perhaps a versioning framework should be developed and have iptables
recommend iptables-persistent or something like that. I'm thinking
about a script that can run either in sysv mode or in daemon mode that
will monitor the active rule set and if needed create a new revision of
the rule file, save the current rules and generate an md5 hash to verify
everything is OK on next reboot.
>
> V.
>
> =================================================================
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]
>
>
--
Gil Freund, Systems Analyst
-------------------------------------------
Sysnet consulting
[EMAIL PROTECTED], http://www.sysnet.co.il
voice: +972-54-2035888, Fax: +972-8-9356026
--
Cheers,
Maxim Veksler
"Free as in Freedom" - Do u GNU ?
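
A sketch of the rule-versioning script proposed in the message above, added here as an example and not code from the thread or from any Debian package. The function names, the `rules.N` / `rules.N.md5` layout and the revision directory are assumptions; md5sum is used because the proposal names md5.

```shell
#!/bin/sh
# Constructed sample dump (not from a real host), in iptables-save format.
SAMPLE_DUMP='# Generated by iptables-save on Tue Jul  3 10:00:00 2007
*filter
:INPUT DROP [10:840]
:OUTPUT ACCEPT [5:300]
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# Drop what changes while the rules stay the same: the timestamp comments
# and the [packets:bytes] counters.
normalize_rules() { sed -e '/^#/d' -e 's/\[[0-9]*:[0-9]*\]/[0:0]/'; }

# latest_rev DIR: print the highest stored revision number, or 0 if none.
latest_rev() {
    ls "$1" 2>/dev/null | sed -n 's/^rules\.\([0-9][0-9]*\)$/\1/p' |
        sort -n | tail -n 1 | grep . || echo 0
}

# save_revision DIR: read a dump on stdin and store it as DIR/rules.N plus
# DIR/rules.N.md5, but only when it differs from the latest revision.
# Prints "saved N" or "unchanged N".
save_revision() {
    dir=$1
    mkdir -p "$dir" || return 1
    tmp=$(mktemp "$dir/.incoming.XXXXXX") || return 1
    normalize_rules > "$tmp"
    cur=$(latest_rev "$dir")
    if [ "$cur" -gt 0 ] && cmp -s "$tmp" "$dir/rules.$cur"; then
        rm -f "$tmp"; echo "unchanged $cur"; return 0
    fi
    new=$((cur + 1))
    mv "$tmp" "$dir/rules.$new"
    ( cd "$dir" && md5sum "rules.$new" > "rules.$new.md5" )
    echo "saved $new"
}

# verify_latest DIR: boot-time check. Prints the path of the newest revision
# only if it still matches its recorded hash; otherwise fails without output.
verify_latest() {
    dir=$1
    cur=$(latest_rev "$dir")
    [ "$cur" -gt 0 ] || { echo "no revisions in $dir" >&2; return 2; }
    ( cd "$dir" && md5sum -c "rules.$cur.md5" >/dev/null 2>&1 ) || {
        echo "rules.$cur failed md5 check, not restoring" >&2; return 1; }
    echo "$dir/rules.$cur"
}
# Intended use (as root): iptables-save | save_revision DIR   (cron or daemon loop)
#                         f=$(verify_latest DIR) && iptables-restore < "$f"   (boot)
```

The hash stored next to the rule file catches corruption or a truncated write, not a deliberate edit by someone who can also rewrite the `.md5` file.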