[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Release update

On Tue, 30 Mar 2004 02:38:26 +0200, Javier Fernández-Sanguino Peña
<jfs@computer.org> wrote:
>Iptables is, or at least I think it is. However, the maintainer, in
>response to #212692, said:
>
>"iptables is not a firewall."
>
>Feel free to reopen that bug report, if firewall configuration should be
>part of the base install, it should be done by a good default rule in the
>iptables scripts.

No!

That would make all the firewall scripts out there more complex, and
it would probably break them on introduction and upgrades. If we
insist on shipping an unnecessary firewall with the base system, we
_MUST_ make it easily uninstallable while retaining
/usr/sbin/iptables. And surely a lot of systems is going to break on
upgrade if the current iptables package is suddenly replaced by one
establishing a non-empty, non-permit-all rule set on installation.

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mailadresse im Header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29
Reply to: