[nzlug] Firewall ruleset check...

[Steve Holdoway]

On Wed, 14 May 2008 19:05:26 +1200
Cliff Pratt <enkidu at cliffp.com> wrote:
> Why re-invent the wheel when you can use someone else's expertise.

<hobbyhorse>
Because if you actually understand what you're doing, then you'll do a better job. I doubt that the iptables developers were intending to make their solution as difficult as possible to understand - I suggest that it was the exact opposite, and their solution is as simple as it could possibly be.

These gui tools won't provide the flexibility of the underlying product, and relying on them can foster a lack of understanding of the problem and the tools available to solve it.

I'm a fanatic believer in KISS, but in order to implement that approach, it's imperative that you have a good understanding of the technology involved. I do not equate the availability of a gui tool with that knowledge.

It's like the age old ( well in *nix terms ) question... what's the best programming language? C. Why? Because you can do anything with it. OK then, what's the worst programming language? C. Why? Because you can do anything with it.
</hobbyhorse>

So I say, keep on with your current approach, make loads of mistakes, understand what you did wrong, get it fixed, and only *then* use the shortcuts that make life much easier. 

Sorry, but after pushing 25 years of looking after computers, I see the same basic mistakes made time and time again, and usually because corners have been cut in this way. I'm sure you've seen the same, being at least as old as me! 

IMO, the hard yards need to be travelled (:

Steve
-- 
Steve Holdoway <steve at greengecko.co.nz>