Re: [Xen-users] IpTables config file for Dom0

I happily manage via SSH, Shorewall iptables rules for Dom0-DomU routing, with three external public IP addresses, and two VPN WANs. Shorewall version 3 is fantastic. Especially if you're prepared to properly parameterise your script.
I don't feel I'd trust a GUI.
Apologies for off-topic.


On 27/04/2006, at 10:30 AM, Molle Bestefich wrote:

Heiko Wundram wrote:
Molle Bestefich:
Non-GUI-managed firewalls?
When was that considered practical.. circa 1980?

Huh? I don't use a GUI to manage our firewall, and that's pretty standard for
all organizations I know around here.

If you had tried it, I don't think you would be going back to editing
configuration files :-).

Using a GUI to manage a firewall (and
hiding the inherent complexity that a firewall always is), is more error-prone
than an administrator who knows what he's doing and can reasonably
efficiently see what parts of the system a change to the firewall rules would

I don't think that's true.
In fact, I'll bet that the non-GUI user introduces many more errors
because he has a lack of overview in comparison to the GUI user.

additionally, an administrator can compute much shorter
rulesets than an equivalent automated tool.

Who said anything about automated?

