Iptables initialization

Dagmar d'Surreal dagmar.wants at nospam.com
Sat Feb 14 08:51:27 PST 2004


On Thu, 2004-02-12 at 23:48, ken_i_m at elegantinnovations.net wrote:
> On Thu, Feb 12, 2004 at 07:32:11PM -0500, Archaic (archaic at indy.rr.com) wrote:
> > Just a note; I also prefer specifically denying certain known weaknesses
> > as well, even if they would be denied by default. The reason for this is
> > in case I make some bonhead mistake when allowing something, it will
> > still be denied.
> 
> This may work for a system where you are the sole admin but it does not 
> scale.  I work with a sysadmin who does as you do.  The print out of the 
> ruleset goes for pages.  Fortunately, the task of rewriting them has been 
> given to me.  Sanity will reign.

*applause*

Pay attention folks... this is not a man who is declaring things should
be simple out of laziness.  "Laziness" of this type is gold.  Something
that takes a lot of work to understand will take even more work to fix
and be more prone to error.  A law of mechanics applies here I've not
yet found the axiom for (more moving parts means more parts that can
fail or something like that).
-- 
The email address above is phony because my penis is already large enough, kthx. 
              AIM: evilDagmar  Jabber: evilDagmar at jabber.org




More information about the hlfs-dev mailing list