On Wed, May 13, 2009 at 08:08, Thomas Jacob <jacob@xxxxxxxxxxxxx> wrote:
> On Wed, 2009-05-13 at 15:57 +0300, Mihamina Rakotomandimby (R12y) wrote:
>> > Is there a problem?
>>
>> Iptables rules became user friendly! ;-)
>
> I cannot leave that unreplied. I'd really like to know of a system which
> offers the same or better fine grained control and so many features
> which is significantly more user friendly than iptables ;-)
>
> The complexity of iptables stems for the most part from the complexity
> of the problem at hand. Sure you can hide that complexity behind fancy
> web front ends and there are plenty of those for iptables, in fact, the
> firewall configurations in many consumer router boxes today are just
> that.
>
> But doing this also takes away most of the power of iptables or indeed
> any other sophisticated firewalling system, and being reduced to that
> would be a terrible thing for me at least ;)
>
> In summary, iptables is appropriately user friendly for its feature set,
> and if you don't need most of that feature set, simply use a front end
> instead.
>
> Thomas

Agreed. It's just lists of if-match-then-act rules. iptables is already
quite easy and simple. How could it be any simpler? I can imagine very
little that one could remove or change without reducing functionality.
A good example would be -j REJECT in -t nat, and that's already been
resolved. It might be nice to merge ip and eb, and as I understand, that
work is already under way.