Re: [PLUG] Firewall choices for a small software development business

[Rich Kulawiec <rsk@gsp.org>]

On Tue, Jul 04, 2017 at 11:03:31PM +0100, Lee H. Marzke wrote:
> A small shop likely doesn't have the hours to dedicate to learning something obtuse.

Perhaps, and I can understand that.  But...

I expect anyone who calls themselves a "system admin" to be fluent in at
least half a dozen Unix/Linux dialects on multiple architectures, to be
able to configure firewalls on any of them, to be able to run a sendmail,
postfix, exim, or courier installation, to be able to run apache or
nginx, to be able to run bind or unbound, to be able to compile any/all
of these from source code, to be fluent in C, shell, and at least one
other scripting language, to have comprehensive knowledge of working at
the command line.  And so on: this isn't an exhaustive list by any means,
it's just some off-the-cuff examples.

I think the problem is not that "pf" is obtuse: it's really not.
And the manual/FAQs/tutorials/examples/books do a good job of walking
folks through the process, helping them climb the learning curve.
I think the problem is that over the couple of decades we've really
lowered the bar for what's considered baseline competence.

The irony of this is that learning all this stuff is easier than it
ever has been. There are mailing lists and newsgroups and web sites
for just about everything.  There are FAQs and tutorials and books.
There are search engines.  There are even audiovideo presentations.
Oh yeah, and there are still "man" pages -- although I will grant that
some of the ones associated with obscure/less-used commands are sometimes
much less helpful than they should or could be.

I'm not suggesting that everyone has to be a Perl guru and a Docker guru
and a kernel hacker and a firewall expert and a Java programmer and a
and a and a....   Once upon a time, it really was possible to know pretty
much everything there was to know about 'nix environments, top to bottom.
But that was decades ago, and now the volume of knowledge has become too
large to fit comfortably in one brain.  I'm suggesting that everyone who
wants to be a sysadmin should cultivate their ability to learn whatever
they need to on the fly.

So here's a recommendation for everyone who's just been doing Linux/x86
work.  Buy a cheap old desktop/laptop and put one of the BSDs, or one
of the open versions of Solaris, or something else,  on it.  Or get
your hands on a system with a different architecture -- say, Sparc
or ARM or HPPA or SGI.  (A lot of those are pretty cheap these days.)
Then -- as an exercise -- try to make it functionally identical with
one of your Linux systems.  That may entail lots of configuration,
installing software, building software, coding, scripting, etc.  It might
be a lot of work.  But it's an excellent way to teach yourself a LOT.
(It will also give you a thorough appreciation of portable code. ;) )

---rsk
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug