| 1 |
Alexander Skwar wrote: |
| 2 |
> Ryan Tandy wrote: |
| 3 |
> |
| 4 |
>> you're running a firewall of some kind (and you'd be crazy not to for |
| 5 |
>> any publically accessible box), |
| 6 |
> |
| 7 |
> Actually, I'd disagree. If only the necessary publicly accessible services |
| 8 |
> are running on a box, what good should a "firewal" (I suppose you mean |
| 9 |
> packet filter, like iptables) do? The only useful measure I can think about, |
| 10 |
> is to do rate limiting. But what else? |
| 11 |
> |
| 12 |
> Alexander Skwar |
| 13 |
|
| 14 |
Point taken, and agreed with. I retract the "crazy not to" part; |
| 15 |
however, some netfilter/iptables features can be very handy in limiting |
| 16 |
access to said services (e.g. dropping all SSH connections not coming |
| 17 |
from your IP). |
| 18 |
|
| 19 |
I guess sometimes my Windows days do come back to haunt me... ;) |
| 20 |
-- |
| 21 |
gentoo-user@g.o mailing list |
Archives