Re: Firewall tools don't play nice with each other

To: "Laurence J. Lane" <ljlane@debian.org>
Cc: debian-firewall@lists.debian.org
Subject: Re: Firewall tools don't play nice with each other
From: Russell Hires <rhires@earthlink.net>
Date: Tue, 23 Apr 2002 21:02:17 -0400
Message-id: <[🔎] E170BAp-0000X1-00@localhost>
Reply-to: rhires@earthlink.net
In-reply-to: <20020423104516.A2367@auric.debian.org>
References: <[🔎] E16zH9s-00026z-00@localhost> <20020423104516.A2367@auric.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hmmm....I meant the GUI tools, and even a few of the command line ones. Not 
specifically ipchains or iptables. I also meant the packaging of the tools. 
Part of Debian Policy states that some packages should conflict with other 
packages. I think that, for example, guarddog should conflict with shorewall 
firewall. I think that only one should be in place at a time. When I do 
apt-get install guarddog, and I've already got shorewall, that I'll get a 
very specific warning message that I'm playing with firewalls (heh), that 
this is a security issue, be careful, do I really want to do this, etc., and 
that by choosing to install one, I'll be removing the other one, or no, you 
can't do this right now, you have to separately choose to remove shorewall 
first. That's what I meant. :-) 

I didn't mean to be clear as mud earlier. 

Russell

On Tuesday 23 April 2002 10:45 am, Laurence J. Lane wrote:
> On Sun, Apr 21, 2002 at 09:13:28AM -0400, Russell Hires wrote:
> > I've been playing with the various firewall tools that are a part
> > of debian, and I'm surprised by something: None of them conflict
> > with each other, and I think they should.  Rather than filing bug
> > reports for each different tool, I was thinking that there should
> > be some sort of conference between all of the firewall tool
> > maintainers so that they can coordinate a firewall policy of some
> > kind, and so that their firewall tools will play nice with each
> > other.
>
> Do you mean ipfwadm, ipchains, and iptables? There is no technical
> conflict between them.
>
> > Is such a thing feasable? If so, how would one go about organizing
> > such a thing? Any advice out there? Is this even a good idea?
>
> Based on the information given so far, I do not see it as a good
> idea.

- -- 
Linux -- the OS for the Renaissance Man 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8xgQZAqKGrvVshJQRAlL/AJ908feIIdjm93Opdqa7i/1UoRiQoACg87lP
UPIkdXHaCCbI0Q+zpxDuBB4=
=i5tT
-----END PGP SIGNATURE-----

-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Firewall tools don't play nice with each other
  - From: Daniel Pittman <daniel@rimspace.net>

References:
- Firewall tools don't play nice with each other
  - From: Russell Hires <rhires@earthlink.net>

Prev by Date: Re: Hardware configuration
Next by Date: Re: Hardware configuration
Previous by thread: Firewall tools don't play nice with each other
Next by thread: Re: Firewall tools don't play nice with each other
Index(es):
- Date
- Thread