Iptables initialization

Archaic archaic at indy.rr.com
Sun Feb 15 09:29:45 PST 2004

On Sun, Feb 15, 2004 at 05:20:01PM +0200, Tarek W. wrote:
> 2) on the lan side, where data transfers reach higher speeds it would
> be pretty easy to cut down on the number of rules.

Egress filtering is as important as ingress filtering. Especially if a
Windows box exists on your network, or a person comes along and plugs in
to your network. Granted, if people can just plug in without anyone
noticing, that problem must be taken care of, but I would imagine it's
more likely than people admit, just because we don't hear about it a
whole lot.

> now, nobody mentioned stateful firewalling

I would hope that is because we know enough here to universally assume
that one would be doing that. It's rather ubiquitous to iptables.


Love your country, but never trust its government.

- Robert A. Heinlein.
