On Thursday 27 April 2006 02:30 you wrote:
> Heiko Wundram wrote:
> > Huh? I don't use a GUI to manage our firewall, and that's pretty standard
> > for all organizations I know around here.
>
> If you had tried it, I don't think you would be going back to editing
> configuration files :-).
I did try it, more than once, and I sure as hell always went back to editing
configuration files every single time, because I felt that I could achieve my
goal faster, and inherently less error-prone that way. ;-)
> > Using a GUI to manage a firewall (and
> > hiding the inherent complexity that a firewall always is), is more
> > error-prone than an administrator who knows what he's doing and can
> > reasonably efficiently see what parts of the system a change to the
> > firewall rules would affect,
>
> I don't think that's true.
> In fact, I'll bet that the non-GUI user introduces many more errors
> because he has a lack of overview in comparison to the GUI user.
That's not true. Normally, the firewall administrator will be a job with a
dedicated person, who only takes care of the firewall, and doesn't rotate
between several different people. The firewall administrator knows what the
firewall looks like (at the moment), and so, it should be easy for him to
remember the general layout of the current ruleset, and also to remember
changes he did to that (because he probably also designed the firewall) to
implement a new ruleset. A GUI doesn't make it easier to remember the
ruleset; you just get icons which signify what the current ruleset basically
looks like. That doesn't make it easier, it makes it more colorful.
> > additionally, an administrator can compute much shorter
> > rulesets than an equivalent automated tool.
>
> Who said anything about automated?
Have you seen what amounts of cruft FWBuilder spits out? I'd call that magic
and automated.
--- Heiko.
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users