On Friday, November 11, 2011 11:49 AM, Craig White wrote:
If you want something heavy duty you could simply 'apt-get install shorewall'' but I suspect that you just want to be pedantic. The point that Lamar made - that was that there wasn't any firewall installed by default at all, which I agreed with.
I have seen shorewall generated rules. Far way too much branching off and following rule paths is a pain. For small setups, yes, it will do.
But if you need to handle high traffic and therefore optimize the rules, forget it.
Now if it's package quantity vs. quality type of discussion that you want to have... yes, there are some packages that Ubuntu has that don't interest me in the least but the quantity can be mind boggling. For example (and in my sphere of interest), Ubuntu has pre-built packages for netatalk, davical& bacula which I use everywhere and I am building them from source for RHEL or CentOS deployments. To be fair however, I did have to build cyrus-imapd from source on Ubuntu whereas Simon's packages for RHEL/CentOS are terrific.
1) Not all packages in the provided repos are Canonical supported. Most of them are actually third-party aka 'community' maintained or unmaintained even and 2) You can get a similar if lesser experience with regards to quantity if you also add third-party repos on RHEL/Centos.
Just because you don't get third-party packages available without a bit of tinkering is not that much of a plus for Ubuntu.
Then there's the utility of aptitude/apt-get vs. yum where I can deploy and dynamically manage 'holding' packages on Ubuntu which is simply not available with an rpm/yum package provider. Yum/rpm is good, apt/dpkg is better.
I can play that game too. apt/dpkg is good but yum/rpm is better because it gives me 1) checksums and 2) multi-arch support.
Linux is pretty much still Linux and one thing has become obvious since I started playing around with Ubuntu the last 7 or 8 months... that my skills have improved by learning how the other half lives. I still love Red Hat stuff, still use Fedora for my desktop. Some things Ubuntu does better, some things I much prefer Red Hat methodology. In the end, it's still Linux.
I just can't embrace installing an OS whose security updates have consistently lagged 3-6 months behind.
I would not have said much if you have pushed Debian but Ubuntu? It's a joke. I only happen to have one Ubuntu Hardy server because I did not have a Centos disk at hand when I had to do an emergency installation of a box to take over the predecessor's read RH9 squid/nat box. I have no qualms learning the ropes of another distro but the Ubuntu distro takes the cake for faking a community and having tools that are way behind those available with RHEL/Centos. Does d-i support/have lvm on raid recipes yet?