[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] IpTables config file for Dom0

  • To: "Heiko Wundram" <me+xen-users@xxxxxxxxxxxxx>
  • From: "Molle Bestefich" <molle.bestefich@xxxxxxxxx>
  • Date: Thu, 27 Apr 2006 02:30:24 +0200
  • Cc: xen-users@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Wed, 26 Apr 2006 17:30:58 -0700
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=EEbqQlyZqdJRJc0jfVZTTczVrC/mnHRRXI1z71ogiZ4BJzZjjOIqij8ixXOEdtGfqSDGfQwU0U5lxtKJtuexZINsJL7ywzlSU6LBw1tsvSzjzof/NF7YZPNcJwP0gBdl7L4YIqCGrBOzafZ9O9ELQvTAxgKNabbhcr1pnmdVwxg=
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Heiko Wundram wrote:
> Molle Bestefich:
> > Non-GUI-managed firewalls?
> > When was that considered practical.. circa 1980?
> Huh? I don't use a GUI to manage our firewall, and that's pretty standard for
> all organizations I know around here.

If you had tried it, I don't think you would be going back to editing
configuration files :-).

> Using a GUI to manage a firewall (and
> hiding the inherent complexity that a firewall always is), is more errorprone
> than an administrator who knows what he's doing and can reasonably
> efficiently see what parts of the system a change to the firewall rules would
> affect,

I don't think that's true.
In fact, I'll bet that the non-GUI user introduces many more errors
because he has a lack of overview in comparison to the GUI user.

> additionally, an administrator can compute much shorter
> rulesets than an equivalent automated tool.

Who said anything about automated?

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.