[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is ipmasq worth it?

On Wed, 9 Jan 2002, Tzafrir Cohen wrote:

> > I use a script which I wrote which uses a config file to find out what to do
> > and which sets up all the appropriate things I want.  Never had any
> > problems, I just install the .deb I made for it, (no debconf yet), edit the
> > config file, and off it goes.  And I install a lot of firewalls.
> 
> Yup. This means that everybody need to write their own scripts. And the
> start-stop sequences. And the debconf interface.

Yeah, but what's the problem with writing a few lines of shell code?  If you
can't handle that, perhaps you shouldn't be herding boxen.  What other
rather important skills are you missing?

> Also consider the fact that shell code is hard to debug (for instance: if
> you have a syntax error at an execution path you rarely use and forgot to
> test, your script may blow-up unexpectedly)

That's why we have other languages for writing big things.  And yes, I've
screwed up plenty of shell scripts, and I've learnt from that, so now I'm
pretty sure that, when I write one, it's not going to fail in any one of the
myriad ways I've had scripts fail in the past.

> Having configuration from script (in a good way) can make the script more
> robust to syntax errors and such (they can be detected at the beginning,
> and not half-way through execution).

I agree.

> Displacer: I haven't worked with ipmasq .
> 
> If you like perl, you may consider using fwctl.

I don't really like it.  I see people raving about it, but I've never really
needed it (someone else does log analysis here).  As for other people's
firewalling scripts, I trust mine more.


-- 
-----------------------------------------------------------------------
#include <disclaimer.h>
Matthew Palmer
mjp16@ieee.uow.edu.au
Reply to: