Subject: Re: how to interpret the examples in /usr/share/examples/ipf
To: None <hubert.feyrer@informatik.fh-regensburg.de>
From: David Maxwell <david@fundy.ca>
List: current-users
Date: 12/13/1999 11:43:55
On Mon, Dec 13, 1999 at 04:25:39PM +0100, Hubert Feyrer wrote:
> On Mon, 13 Dec 1999 eric.delcamp@legrand.fr wrote:
> > About this, could we have USEFULL examples of ipf.conf in
> > /usr/share/examples/ipf, instead of the ones from sources ?
> > By usefull, I mean something like a total firewall, with or without ipnat,
> > etc... Maybe could we include the 'how-to' or at least put the web-address
> > somewhere ?
> 
> I've added the FAQ's URL to the Networking section of our documentation.

Yes, that's appropriate - trying to teach people how to build firewall is
_not_.

If one doesn't know what actions a firewall needs to take, I don't want one
thinking one can do it right after reading one file in the NetBSD source
tree.

Putting a 'total firewall' in the tree would be bad, since a firewall needs
to be designed to suit the network. Configuration is more important than
which software you use.

-- 
David Maxwell, david@vex.net|david@maxwell.net -->
If you don't spend energy getting what you want,
	You'll have to spend it dealing with what you get.
					      - Unknown