On Mon, Sep 29, 2014, at 01:34 PM, Tom Eastep wrote:
> The current Shorewall version is usable back to at least RHEL 5, Debian
> 5, and OpenSuse 10. So per-distro defaults (as represented by the
> shorewallrc.* files) are not one-size-fits-all.
I'd consider starting a retort with "Nobody uses THOSE ...", but that'd be
foolhardy.
Point taken.
> For several years now, I've been tempted to drop rpms from the Shorewall
> distribution altogether:
Not a fan myself; I personally find the overhead of cryptic .spec files an
annoyance. As mentioned, I'm just taking advantage of the easy
uninstallablility ...
`checkinstall` had made that very easy for any build/install. No longer
maintained, and currecntly buggy.
> - The Shorewall install system is capable of per-host/per-distro
> customization and can create tarballs suitable for input into
> the packaging systems.
If I'm objectively honest, rather than greedy, my own advice would be to drop
rpms. It, at least, removes all (most?) host-specificity, simplifies
maintenance, and lets "dev" focus on functional, rather than administrative,
code.
A clean tarballs-only build system, with a single configurable shorewallrc that
carries config to all build targets, is attractive.
Installing into a single non-system directory, e.g.
/opt/shorewall/{bin,sbin,lib,etc etc}, is trivially 'reversible', and can
easily be integrated into init.d's or systemd units.
etc.
I.e., I can't really disagree with you.
------------------------------------------------------------------------------
Slashdot TV. Videos for Nerds. Stuff that Matters.
http://pubads.g.doubleclick.net/gampad/clk?id=160591471&iu=/4140/ostg.clktrk
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
