Talk:Firewall Guide

From Void Linux Wiki
Revision as of 01:44, 29 August 2017 by GreattoBeGrateful (talk | contribs) (Acknowledging suggestions re Firewall Configuration page)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Merger proposal

'Firewall Guide' has been marked for removal and could be merged with the 'Firewall Configuration' page that is not marked for removal. A page with a title such as 'Firewall Guide' may be an appropriate location for a section to introduce ufw as a simple alternative for less advanced users. Hence the section on ufw firewall is temporarily inserted there. It can be modified or removed if it is inappropriate.

Perhaps this 'Firewall Guide' could be merged, as a temporary solution, with the 'Firewall Configuration' page so that four configurations are offered in total - the two configurations from this page plus the two from 'Firewall Configuration': nftables, 2 x iptables, ufw. An introductory paragraph might be added then? For example, "The following are four possible firewall configurations among others." Perhaps entitle the section with this page's ('Firewall Guide') iptables configuration 'Simple iptables configuration'; and entitle the iptables section in 'Firewall Configuration' 'iptables configuration for IPv4 and IPv6'? - GreattoBeGrateful 27.8.2017

AIUI, besides the way services are started there's nothing Void-specific around iptables, etc. so 3-4 sample configurations sounds excessive to me unless it is documented why someone would prefer one config over another one. Even then, IMHO the average Linux user knows already about firewalling so we should be pointing to upstream documentation anyway. Regardless, I'm not versed into this stuff so my best suggestion is to move the ufw section to Firewall Configuration, which already documents IP4 and IP6 separately and thus looks more complete to me, then get rid of this page to keep things simple.
PS. The editor built in MediaWiki <1.29 provides a button to sign talk articles ;) --Tactica (talk) 10:09, 28 August 2017 (UTC)

Thanks @Tactica for your helpful points; 3-4 sample configurations may indeed be excessive, especially if no reason is given to select one over another. The only reasons presented here are (a) the argument that nftables are superseding iptables according to the netfilter project; and that (b) ufw offers a simple configuration out of the box. Hopefully someone could add more guidance on the pros and cons of each, if someone is willing. We can arrange things at least for now, as you indicate, by only moving ufw over as one solution, and someone can then delete/deactivate or archive, etc the 'Firewall Guide' page. One benefit about documenting several firewall alternatives, just as other wikis do (Gentoo, Arch, Debian to name some), is to have users just ease into the configurations at their 'home' wiki (Void) without having to adapt cli commands into Void xbps-install, ln -s /etc/sv commands. Other matters: has anyone found anything to object to with the new nftables rules? Is the 'Firewall Configuration' title for the other wiki page ok? (For what it's worth, I can accept changes as they come up). Thanks also for pointing out the signing facility; I had tried to use code to attempt to sign an entry in the past, so that tip helps here too! Best wishes, --GreattoBeGrateful 01:44, 29 August 2017 (UTC)