Alexander Skwar wrote:
> Ryan Tandy wrote:
>
>> you're running a firewall of some kind (and you'd be crazy not to for
>> any publicly accessible box),
>
> Actually, I'd disagree. If only the necessary publicly accessible services
> are running on a box, what good should a "firewall" (I suppose you mean
> packet filter, like iptables) do? The only useful measure I can think about,
> is to do rate limiting. But what else?
>
> Alexander Skwar

Point taken, and agreed with. I retract the "crazy not to" part;
however, some netfilter/iptables features can be very handy in limiting
access to said services (e.g. dropping all SSH connections not coming
from your IP).

I guess sometimes my Windows days do come back to haunt me... ;)
--
gentoo-user@g.o mailing list