firewalld vs iptables vs ? as default (was Comparison to Workstation Technical Specification)

Stephen John Smoogen smooge at gmail.com
Thu Mar 6 22:49:48 UTC 2014


On 6 March 2014 15:36, Reindl Harald <h.reindl at thelounge.net> wrote:

>
>
> Am 06.03.2014 23:30, schrieb Stephen John Smoogen:
> > I didn't say that roles couldn't work, just that he isn't the target
> audience.
> > From what I have read through the years, Harald has a very strict setup
> which
> > he knows very well and works well for what he needs done
>
> but you do not realize the intention why i care at all!
>
> others not having that strict setup and are at learning
> how to deal with their os without dangerous defaults they
> may not realize soon enough is the intention
>
> what i consider is "how should a linux system work for
> me after the first setup with my knowledge 15 years
> ago"
>

My understanding was that the roles commands were items that the system
administrator ran to set up a system to do a certain task and was set up to
be done for the 60% of the environments which aren't going to play with
defaults in any case. So these were my assumptions:

1) The systems administrator is running these commands.
2) The system administrator level being aimed for is more where they have a
task to do and just want it to work without knowing all these things. (EG
the people who will install cpanel, webadmin, etc without a thought.) We
are just wanting that when they set up those commands they get a working
secure default.
3) The goal is to get these systems up without the admin following the
usual howto of

disable iptables
disable selinux
install package x
install tar-ball from http://reallygoodsite.com/
run cpanel

because they aren't reading anything deeper than that because the problem
they want to solve has nothing to do with the all the packages they are
currently installing. All they want is a web calender and it needs all this
other stuff before they can get it running.

Since these assumptions seem to be wrong, I will bow out of this
conversation.



-- 
Stephen J Smoogen.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/server/attachments/20140306/8656d4ee/attachment.html>


More information about the server mailing list