On 04/23/2011 10:36 PM, spokesinger wrote:
>
> Now, to answer DenverD - why? It is confusing and incomplete. I swear,
> I find it easier to edit iptables configuration files than to use the
> Yast gui iptables interface. It gives you protocols, but doesn’t tell
> you what port they use, even in the info dialog at the end. Meaning I
> have to go somewhere else to go research what I am trying to do. It also
> is difficult, if the protocol that you want opened is not in the list,
> to create a rule. The custom rules, one would think, and so the
> instructions would make you think, should accept multiple ports, and do
> not. Etc. The whole point of using interfaces is to automate those
> things that can be automated and that do not need personal attention.
> The Yast GUI iptables interface does not do a good job of this.
you could use FATE to request YaST be made more complete but i wonder if
this would be helpful: Chapter 14. Masquerading and Firewalls
http://tinyurl.com/4jp4qux
maybe your firewall needs are much greater than mine, but so far i’ve
not had a single break-in with the default installed firewall behind a
NATing router…
> And, yes, you are right - I COULD compile firestarter myself, using
> make and all that, but every time I have tried this procedure (compiling
> from scratch) in the now 3 years I have been using Linux, it failed for
> one reason or another, and required more of my time to go research what
> was wrong and try to find answers. Obviously, since I am writing this
> paragraph, I have never managed to babysit that process successfully
> from beginning to end. It never, for me, just worked.
well you are right, it is necessary to meet the dependencies of the
package, but it is possible to compile and install, otherwise it
wouldn’t be able to be put in an rpm and then into any repo (including
the openSUSE repo)…i mean, maybe you just need more practice…hmmmm,
i guess what i’m saying is: with sufficient patience i think i have
always been successful…yes, i almost always have errors and
dependencies to clear–but, that is expected…this is software
delivered free of cost–it is not necessarily delivered free of user
involvement, frustration, need to hone some skills…or wait patiently
for those who volunteer their time to compile it for you…
“just worked” is a lot to ask for at the price you are paying. (now, if
i shell out for a Mac firewall, i expect it to just work…)
–
CAVEAT: http://is.gd/bpoMD
[openSUSE 11.3 + KDE4.5.5 + Thunderbird3.1.8 via NNTP]
Q: What do you get if you divide the circumference of a jack-o-lantern
by its diameter?
A: Pumpkin Pi!