Re: Debian 9 network management
On Thu 16/Aug/2018 14:02:08 +0200 Reco wrote:
> On Thu, Aug 16, 2018 at 12:04:28PM +0200, Alessandro Vesely wrote:
>> On Wed 15/Aug/2018 08:31:32 +0200 mick crane wrote:
>>> I too have been wondering about this and the wiki seems clear.
>> However, that doesn't cover how to properly coordinate setting up IP links,
>> firewall, NAT, and netfilter daemons.
> If you're using userspace daemons for netfilter then you're doing it
> wrong. For instance, it has forced non-existent distinction between the
> firewall, NAT and netfilter in your e-mail.
> All these are merely the state of running kernel, and while you
> certainly need userspace for configuring them, there's no need for any
> userspace running for these things to function.
A netfilter queue daemon runs in userspace, but that doesn't make much of a
difference. The point is in what order things are configured/enabled, and
which files do you have to edit to check or change the corresponding parameters.
>> IIRC it is possible, but difficult to make and maintain, and seemingly
> A difficulty is in the eye of the beholder.
So is his/her learning curve, especially in a system where network management
leans toward casual laptop users rather than server admins —and rightly so.
In any case, a sysadmin has to learn the syntax of say, sysctl, ip, iptables,
vconfig, modprobe, and the like. Hence, just running the right sequence of
(kernel configuration) commands is more straightforward than trying to discover
how to have them run in the same sequence indirectly, by properly setting a
number of configuration files, methinks. In addition, the semantics of high
level configuration files seems to be more likely to change across releases
than that of lower level commands.