Iptables initialization

Dagmar d'Surreal dagmar.wants at nospam.com
Sat Feb 14 08:51:27 PST 2004

On Thu, 2004-02-12 at 23:48, ken_i_m at elegantinnovations.net wrote:
> On Thu, Feb 12, 2004 at 07:32:11PM -0500, Archaic (archaic at indy.rr.com) wrote:
> > Just a note; I also prefer specifically denying certain known weaknesses
> > as well, even if they would be denied by default. The reason for this is
> > in case I make some bonehead mistake when allowing something, it will
> > still be denied.
> This may work for a system where you are the sole admin but it does not 
> scale.  I work with a sysadmin who does as you do.  The print out of the 
> ruleset goes for pages.  Fortunately, the task of rewriting them has been 
> given to me.  Sanity will reign.


Pay attention folks... this is not a man who is declaring things should
be simple out of laziness.  "Laziness" of this type is gold.  Something
that takes a lot of work to understand will take even more work to fix
and be more prone to error.  A law of mechanics applies here I've not
yet found the axiom for (more moving parts means more parts that can
fail or something like that).
The email address above is phony because my penis is already large enough, kthx. 
              AIM: evilDagmar  Jabber: evilDagmar at jabber.org

More information about the hlfs-dev mailing list