Re: [Setup-tool-hackers] I thought I would check and see first...

From: Telsa Gwynne <hobbit aloss ukuu org uk>
To: setup-tool-hackers ximian com
Subject: Re: [Setup-tool-hackers] I thought I would check and see first...
Date: Wed, 25 Jul 2001 10:21:46 +0100

On Tue, Jul 24, 2001 at 02:48:02PM -0600 or thereabouts, Burra wrote:
> 
> Right... so how about this for the "basic" configuration dialog:
> 
> Allowed Services:
> SSH []  FTP []  TELNET []  Ping []
>    ... etc ...
> 
> Anti Spoofing protection []
> Syn flood protection []
> Port scan protection []
> Accept all local packets []
> Accept all established connections []
> Accept all  related connections []
> Trusted hosts: _____________________________________
> Block hosts: _____________________________________
> 
> ... something like the above, but I will make it much easier to use and
> multi-interface compat.

How to explain spoofing, syn floods, port scans, packets and so on gets
to be a lot of fun. I wrote the docs for gnome-lokkit (see below) and
you also end up having to tell people "These programs won't work now
you have a firewall; here are command-line equivalents". (Quake players
who do not want to rea the IP-Masq-HOWTO are completely stuck, for
example. I have found no simple way to fix that.) 

Anyway, check out gnome-lokkit in gnome cvs: 

README
  Lokkit is an attempt to provide firewalling for the average Linux end user.
  Instead of having to configure firewall rules the Lokkit program asks a
  small number of simple questions and writes a firewall rule set for you.

  Lokkit is not designed to configure arbitary firewalls. To make it simple to
  understand it is solely designed to handle typical dialup user and cable
  modem setups. It is not the answer to a complex firewall configuration, and
  it is not the equal of an expert firewall designer.

HACKING
  Translations
  	Feel free to commit translations and translation changes if you are
	a Gnome translator (and thanks for doing all that work)

	If you need the code changing because of translation problems please
	mail first. I'll be glad to assist even if you can't provide the
	code changes yourself

  Code
	If you want to make changes to the code please talk to Alan
	<alan@redhat.com> first. In paticular I intentionally do not wish to
	add more questions/features to this program

	If you are doing a writer module for another OS go ahead and
	commit it.

NEWS
  This is the third release of gnome-lokkit properly packaged as a Gnome
  application. It requires Debian or Red Hat Linux (or similar init files) and 
  RP3 to be installed. Those are short term requirements. Fixes for other
  distributions are welcomed. 

  In theory a non Linux port should just require adding a new writer module
  for your OS, providing it has vaguely sane firewall facilities.

The "don't want to add too much more" is because for a new user it is
quite complicated enough already, despite having one question per screen.
It's a lot to take in if you are new.

Telsa

_______________________________________________
setup-tool-hackers maillist  -  setup-tool-hackers@ximian.com
http://lists.ximian.com/mailman/listinfo/setup-tool-hackers

Follow-Ups:
- Re: [Setup-tool-hackers] I thought I would check and see first...
  - From: Mitch Allmond

References:
- Re: [Setup-tool-hackers] I thought I would check and see first...
  - From: Mitch Allmond
- Re: [Setup-tool-hackers] I thought I would check and see first...
  - From: Burra

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]