OT: path to fw admin status (was: RE: Can anyone tell me how to do this?)

Jason Opperisano opie at 817west.com
Wed Sep 22 20:14:31 CEST 2004

On Wed, 2004-09-22 at 12:59, Daniel Chemko wrote:
> > learning more about iptables is a nice goal to have.  sometimes i wish
> > it was just as glamorous for people to want to learn more about
> > routing and the OSI model, before becoming super l33t firewall
> > gurus...but i digress...
> Problem is: Neither of these topics can easily be approached by network
> newbs without a lot of setup. There aren't many visiting this list with
> routing more complicated than ip route add x via y

i fully understand *why* this is the way it is, i just *wish* that it
could be different...it was just an off-handed remark inspired by my
lack of coffee.

> As for OSI, any casual admin wouldn't find much real world value in it.
> I'd say OSI influences programmers more than admins. Experienced admins
> do need to understand programming and OSI's a good practical example of
> basic layered approaches, etc.. Plus, since others use OSI as a mindset
> when developing, it's good to know where they get their ideas from.

i think the above statement represents the thinking that got us to this
point.  people don't put value on understanding OSI, or think it's
something just for developers; when in fact, it is the foundation upon
which everything we discuss (and more) is based.  that sounds pretty
important to me.  i'd be surprised to find any sort of "networking 101"
text that doesn't bring up OSI in the first 20 pages.  i'd also be
surprised if many people reading that text did anything other than turn
to the next page--to get to the fun stuff.

in a perfect world, one's career would progress up through the layers: 
start out running cable, get into edge switching, move up to some layer3
switching, then WAN routing, dynamic routing protocols, simple network
service administration (dns, dhcp, ntp, ftp)...then firewalling.

if that was the path to firewall admin status--the only questions anyone
would ever have about iptables would be answered in the man page.

obviously, this is not the case, nor do i expect everyone to be some
sort of networking guru before they start using firewalls--it's not
realistic.  i think i've tried to do my part to help out the "n00bs"
without being too abrasive.  again--it was just an off-hand remark...

> Firewalls are an inevitability these days. You either: Don't use a
> firewall and get viruses, or you do use a firewall and you're forced to
> fiddle with it when one of your programs doesn't work. See, you're forced
> to learn it if you like networking and administration or not. 

i'm not sure i like the consequences of that statement.  i don't know
the first thing about fixing cars.  i also don't email alt.mechanic for
advice on how to change out a transmission, when i probably couldn't even
identify what thing in the car is, in fact, the transmission.

again--i didn't mean any offense with the statement--i'm more than happy
to do what i can to help out here, and i'll try to stick to the plan in
the future:

1) coffee
2) read list email
3) profits!


Jason Opperisano <opie at 817west.com>
