Sometimes questions that should be expected to be "just another technical question" appear to have some strange emotional content for some people. The interesting question then is why do people react with such emotions to a subject that should be only technical?
At the time I wanted to give the SME server the same and equivalent firewalling capabilities as, for instance, the Smoothwall firewall, I was flamed page up and page down, just to get that small amount of technical information that I needed to get the development project started and done.
Between all the flames I also got that single line of information I needed so that the project could be done, so then it was done.
Why is it like that, and how could a strictly technical question give reason to evoke anyone's emotions?
In the case of the SME server I think this might have something to do with history, as the design of the server and the automated configuration that is in use even today were not done by anyone who is involved in the project today, but by somebody else, Joseph Morrison, back in 1999.
http://forums.contribs.org/index.php?topic=40996.msg190584#msg190584
Today, nine years later, it is claimed in this forum that the SME server firewall cannot do the same things as can be done with, for instance, the Smoothwall firewall, posted by cactus a few days ago:
To go short, you should stop comparing Smoothwall or any other extensive firewall with SME Server. SME Server has a firewall but it's not the main goal of SME Server, which it is for Smoothwall. It's like apples and bananas
The truth is that all firewalling in the SME server is done by the Linux kernel Netfilter firewall and that the firewalling of the SME server is exactly the same as the firewalling of the Smoothwall, as they both rely on the Netfilter firewall, just with some different configuration:
http://www.netfilter.org/
After doing my little development project my SME server firewall could do the same things as the Smoothwall firewall, and some more things as well.
When Joseph Morrison did the design of the firewall configuration tools back in 1999, this design had of course to be adapted to the framework of the Linux 2.2.x kernel that was in use at that time.
Today the options of Linux firewalling have changed a bit, so a design of 1999 will be rather ineffective relative to the options of Linux firewalling that exist today and "the age of Netfilter".
The practical way a firewall development can be done is to divide the project into two parts:
1. The firewalling design part, the development of the firewall itself.
2. The design of the automated configuration tools that should do this configuration.
Well, I think that part 1 should now be a more or less ended story, and it should be interesting to try to look into part 2, how to do the automated configuration tools.
To do that it will be required to know: "how does the existing masq function actually work?" and "how do the automated configuration tools of the SME server actually work?", "How does it work technically, and how did Joseph Morrison think back in 1999 when he did this design?"
The SME server development manual contains a bit of information about principles in the design, but not technical information, as far as I can see, of the type "how does the Perl-based configuration framework work?" or "which program is calling which?" or "how does the masq script work?" or "are there better ways to do these things, more adapted to the basic Linux technology of today?"
Why not raise a "bug" and let "the developers of today" do the job? Well, I did, and I think the answer was something like "cannot be done"? But actually it can be done, and also the SME firewall can do all the firewalling capabilities of, as an example, Smoothwall, with some adaptation to the Linux kernel that is in use today.
Why not look at this question as just another technical question, that could have answer A or B or no answer at all? Should there be needed even more flaming for a strictly technical question? Why?
And the question was, technically, how does it work? (The firewall itself is the known part. The automated configuration tools are the unknown part.)
Could these questions be treated as what I think they should be, just some technical, quite interesting questions, or will it still be "stepping on someone's sensitive toe"?
Hopefully technology and open source can be what it actually should be.
If it should be possible to obtain the technical information that I am searching for, I will re-edit the question to be just a strictly technical question.