[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: And now for something completely different... etch!

On Mon, Jun 06, 2005 at 10:57:50PM -0400, Grzegorz B. Prokopski wrote:
> My impression was that firewall setting is generally a messy business,
> because there's too many packages that mess with it, usually assuming
> they're the only ones who touch it.  This was, I think part of the
> reason why /etc/init.d/iptables was removed (I still use it on all of
> my old and newly installed machines, btw.)  But maybe I am wrong and
> somebody else could provides more details here.

Actually, that's not why iptables's init script was removed. Firewall 
packages (shorewall, bastille, knetfilter, guarddog, etc.) provide their 
own firewall handling code, they don't use the 'iptables save' 
functionality the iptables maintainer provided in previous releases.

In any case, no sysadmin should install conflicting firewalling code. I was 
considering asking debian-policy to add a 'firewall' virtual package so 
that all firewall packages Provided: it and Conflicted: with it. 

> > - inetd begone! -> xinetd (better mechanism to control DoS, privilege
> >   separation, etc.)
> IIRC a mechanism for *netd switching had been discussed in Woody times,
> then waited for Sarge and I believe we already had some preliminary
> implementation but it's still not finished.  Other distros like PLD had
> that years ago, btw.

There's preliminary implementation for the switch but the management tools 
(i.e. netbase's update-inetd IIRC) need to be handle xinetd too (see 
#8927, #10059 and #25816).

> > - Separate runlevels: 2 for multi, no net, 3 for multi no X, 4 for X, 4=5
> Do we really need that?  I thought I could always

Yes, IMHO we should use the LSB levels.

> > - Better package search mechanism (tags?) allowing free text search
> >   in package management interfaces: "I want a program that does X"
> Doesn't 'apt-cache search X' do exactly that?

No, it does not cut it. I will answer this in depth in a separate e-mail.



Attachment: signature.asc
Description: Digital signature

Reply to: