Re: [Setup-tool-hackers] I thought I would check and see first...

[Mitch Allmond <gte203h prism gatech edu>]

sounds like a good start when installing a system but to be honest, it's the lazy
way out. Taking the lazy and easy way out is one of gnome's number one problem.
Take the panels, menus, and control panel that we currently have. It looks as if
no one even attempted to design a good UI. Things are just stacked into menus and
in submenus. There really isn't much sense in doing something if it's going to be
done half ass. I realize that anyone that attempts the type of firewall utility
I'm talking about is going to face major issues and obstacles. However, they are
all obstacles that can be overcome if a little time goes into the design. Most
linux programmers are too quick to start coding and completely leave out the
whole design part.  From what I can tell, most people that will actually care to
use a firewall in any serious manner will do so for masquerading, port
forwarding, and port blocking. People that are just on a dial up or cable modem
with no lan will never need it beyond being a toy. The most they'll want is spoof
and flood protection. That's really all they need if their distro doesn't start
every last service known to man. In fact, distros like redhat, etc.... shouldn't
start any service by default besides sshd. Anyway, looking at what people will
most likely use the firewall for, I don't see how redhat's firewall script will
be much of a help. I like my basic UI layout I gave via the jpeg.  It's pretty
straight forward and can obviously take improvements. The trivial matters such as
quake players, etc...... can also be ironed out with some elegance if thought is
put into it. We are talking about the setup utilities that will be part of the
Gnome 2.0 platform guys. We all know that linux has no chance in the near future
to ever make it as a major desktop os but there is already strong holding for
linux as a server os. In that regards, shouldn't we have a set of utilities in
the control panel that would be a admins dream? Such utilities would certainly
get use more leverage.  You may say, a good admin would make his own scripts,
edit his own files, etc.... That's very true and it's only true because there are
no good tools to do it for him. However, take a look at (my personal favorite)
mac os X. It's absolutely stunning and looses no power at all through it's UI
cause it's UI is that good. Mac OS X Server is incredible. Yet, it's just a
darwin kernel. Nothing that much more special than the linux kernel but it's the
well thought out UI that makes it good.

Telsa Gwynne wrote:

> On Tue, Jul 24, 2001 at 02:48:02PM -0600 or thereabouts, Burra wrote:
> >
> > Right... so how about this for the "basic" configuration dialog:
> >
> > Allowed Services:
> > SSH []  FTP []  TELNET []  Ping []
> >    ... etc ...
> >
> > Anti Spoofing protection []
> > Syn flood protection []
> > Port scan protection []
> > Accept all local packets []
> > Accept all established connections []
> > Accept all  related connections []
> > Trusted hosts: _____________________________________
> > Block hosts: _____________________________________
> >
> > ... something like the above, but I will make it much easier to use and
> > multi-interface compat.
>
> How to explain spoofing, syn floods, port scans, packets and so on gets
> to be a lot of fun. I wrote the docs for gnome-lokkit (see below) and
> you also end up having to tell people "These programs won't work now
> you have a firewall; here are command-line equivalents". (Quake players
> who do not want to rea the IP-Masq-HOWTO are completely stuck, for
> example. I have found no simple way to fix that.)
>
> Anyway, check out gnome-lokkit in gnome cvs:
>
> README
>   Lokkit is an attempt to provide firewalling for the average Linux end user.
>   Instead of having to configure firewall rules the Lokkit program asks a
>   small number of simple questions and writes a firewall rule set for you.
>
>   Lokkit is not designed to configure arbitary firewalls. To make it simple to
>   understand it is solely designed to handle typical dialup user and cable
>   modem setups. It is not the answer to a complex firewall configuration, and
>   it is not the equal of an expert firewall designer.
>
> HACKING
>   Translations
>         Feel free to commit translations and translation changes if you are
>         a Gnome translator (and thanks for doing all that work)
>
>         If you need the code changing because of translation problems please
>         mail first. I'll be glad to assist even if you can't provide the
>         code changes yourself
>
>   Code
>         If you want to make changes to the code please talk to Alan
>         <alan@redhat.com> first. In paticular I intentionally do not wish to
>         add more questions/features to this program
>
>         If you are doing a writer module for another OS go ahead and
>         commit it.
>
> NEWS
>   This is the third release of gnome-lokkit properly packaged as a Gnome
>   application. It requires Debian or Red Hat Linux (or similar init files) and
>   RP3 to be installed. Those are short term requirements. Fixes for other
>   distributions are welcomed.
>
>   In theory a non Linux port should just require adding a new writer module
>   for your OS, providing it has vaguely sane firewall facilities.
>
> The "don't want to add too much more" is because for a new user it is
> quite complicated enough already, despite having one question per screen.
> It's a lot to take in if you are new.
>
> Telsa
>
> _______________________________________________
> setup-tool-hackers maillist  -  setup-tool-hackers@ximian.com
> http://lists.ximian.com/mailman/listinfo/setup-tool-hackers


_______________________________________________
setup-tool-hackers maillist  -  setup-tool-hackers@ximian.com
http://lists.ximian.com/mailman/listinfo/setup-tool-hackers