Re: Required firewall support

To: Joel Aelwyn <fenton@debian.org>
Cc: debian-devel@lists.debian.org
Subject: Re: Required firewall support
From: Thomas Bushnell BSG <tb@becket.net>
Date: 17 Mar 2005 09:08:59 -0800
Message-id: <[🔎] 87y8cm2o9g.fsf@becket.becket.net>
In-reply-to: <[🔎] 20050317154353.GX7864@spawn.internal.mnemosyne-consulting.com>
References: <[🔎] 87oedjtndt.fsf@becket.becket.net> <[🔎] 20050316230804.GB14110@wonderland.linux.it> <[🔎] 87ekef2nhv.fsf@becket.becket.net> <[🔎] 20050317033948.GT7864@spawn.internal.mnemosyne-consulting.com> <[🔎] 87d5tzx77g.fsf@becket.becket.net> <[🔎] 20050317070119.GW7864@spawn.internal.mnemosyne-consulting.com> <[🔎] 87k6o6vg9w.fsf@becket.becket.net> <[🔎] 20050317154353.GX7864@spawn.internal.mnemosyne-consulting.com>

Joel Aelwyn <fenton@debian.org> writes:

> If you have all of the filtering rule support, then why is this even an
> issue? Write the user-space tool and you should be golden; you've got a
> useable firewalling implementation.
> 
> What's the problem?

Who said there was a problem?  I was asking exactly what support was
required.  You started talking on about what was a "toy os" and the
importance of this or that.

It is, however, a very low priority for development, and the people
who are likely to do the work would like to know exactly what is being
asked.

The secondary question, why is this important, is one that perhaps
only the people who were at the Vancouver meeting can explain, and
unless I've missed it, they have not.

> That means firewalling capabilities. It's flat ****ing insane to expect DSA
> folks to try to keep a system secure if it doesn't have basic firewalling.
> It's that simple, and it's backed by a couple of decades of best common
> practice by both network and systems administrators.

Are the DSA people using firewalling features now?  I can't see any
indication in the config files of the machines I checked when you so
confidently asserted they were, but I might have missed something.

However, we are not expecting the DSA people to keep the system
secure; SCC non-released arches don't need to provide developer
machines.

Thomas

Reply to:

Follow-Ups:
- Re: Required firewall support
  - From: md@Linux.IT (Marco d'Itri)

References:
- Required firewall support
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: Required firewall support
  - From: md@Linux.IT (Marco d'Itri)
- Re: Required firewall support
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: Required firewall support
  - From: Joel Aelwyn <fenton@debian.org>
- Re: Required firewall support
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: Required firewall support
  - From: Joel Aelwyn <fenton@debian.org>
- Re: Required firewall support
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: Required firewall support
  - From: Joel Aelwyn <fenton@debian.org>

Prev by Date: Re: Another load of typos
Next by Date: Re: Relaxing testing requirements (was: summarising answers to Vancouver critique)
Previous by thread: Re: Required firewall support
Next by thread: Re: Required firewall support
Index(es):
- Date
- Thread