On Fri, 2011-11-11 at 11:07 +0800, Christopher Chan wrote:
On Thursday, November 10, 2011 11:33 PM, Craig White wrote:
7- The install, of the virtual host, added libvirt. It did not however install things like virt-install or any other virt software. Infact, no guest installation tools were added, though things like virsh were installed. Sigh.
8- The firewall and network do not have the scripts folder. You have to build your own firewall file and add scripts to make it over ride the stock one via the eth you want to use it for....wtf?
all sorts of packages for firewall management.
apt-cache search firewall | wc -l 152
why be content with the minimal firewall tool when you actually can have a choice?
What? Those crap choices like ufw or fwbuilder? Oh, btw, if there really was 152 blooming choices, they would on the most part be total crap.
I like how you seem to think that stuff like upsd, stone, perdition, libiax-dev for a small sample are somehow firewall related.
Managing a firewall on Ubuntu is retarded and I have to write my own scripts to hook into interfaces so that I can a sane set of iptables rules loaded/unloaded without the mess from ufw/fwbuilder/whateverothercrap.
---- don't know a thing about ufw or fwbuilder but if you want simplistic firewall rules (ie, RH/Fedora /etc/init.d/iptables) Ubuntu has iptables-persistent which gets the job done just fine. Of course someone with your skills would have no problem migrating RH's /etc/init.d/iptables to Ubuntu (estimated time, 10 minutes).
If you want something heavy duty you could simply 'apt-get install shorewall'' but I suspect that you just want to be pedantic. The point that Lamar made - that was that there wasn't any firewall installed by default at all, which I agreed with.
Now if it's package quantity vs. quality type of discussion that you want to have... yes, there are some packages that Ubuntu has that don't interest me in the least but the quantity can be mind boggling. For example (and in my sphere of interest), Ubuntu has pre-built packages for netatalk, davical & bacula which I use everywhere and I am building them from source for RHEL or CentOS deployments. To be fair however, I did have to build cyrus-imapd from source on Ubuntu whereas Simon's packages for RHEL/CentOS are terrific.
Then there's the utility of aptitude/apt-get vs. yum where I can deploy and dynamically manage 'holding' packages on Ubuntu which is simply not available with an rpm/yum package provider. Yum/rpm is good, apt/dpkg is better.
Linux is pretty much still Linux and one thing has become obvious since I started playing around with Ubuntu the last 7 or 8 months... that my skills have improved by learning how the other half lives. I still love Red Hat stuff, still use Fedora for my desktop. Some things Ubuntu does better, some things I much prefer Red Hat methodology. In the end, it's still Linux.
I just can't embrace installing an OS whose security updates have consistently lagged 3-6 months behind.
Craig