What is wrong with firestarter?

[Derek Broughton]

Knapp wrote:

> I read something here about Firestarter not being so good to use. What
> is the problem with it? I use it and like it so far but don't want to
> get hacked because of using it over something better.
 
I'm pretty sure it doesn't make a bit of difference which firewall tool you
use in the long run - they all create the same iptables rules, which are
good or bad mostly dependent on the user who created them.  The issues with
firestarter - and _every_ firewall tool I've ever used are all usability. 
It's just not possible for a user to create a safe firewall without
actually understanding iptables, and I don't see why that has to be (otoh,
I'm not smart enough to write the killer replacement :-) ).

Now, I'm going to get a long chain of responses saying that tool "x"
(including firestarter) actually doesn't have this problem :-)
-- 
derek