On Thursday, December 09, 2010 03:40 AM, Les Mikesell wrote:
How many of those use the same commands to start/stop/save-current-config? Where do they keep the configs? If you deployed applications on all of them, how much time would it take to train the operators that do the install and maintenance to deal with all the variations? What if you switch to Solaris or a *bsd version? These aren't so much an issue if you use separate hardware for firewalling as when you run the host firewall on every device.
I think it is fine that non-standards-conforming things exist. I just like to avoid them as much as possible myself - and certainly to avoid having them intimately intertwined with applications that would otherwise be portable.
At least you are consistent in not using every layer available to you. How about you be more consistent by advocating the non-use of iptables and the use of a hardware firewall because iptables is non-standard too?
Or rather stop telling people not to use SELinux and iptables on this list just because you don't want to use any of these tools because it is too troublesome for you and your gang.