netfilter firewalling problems and solutions

Archaic archaic at
Thu Feb 19 11:33:53 PST 2004

On Thu, Feb 19, 2004 at 11:52:03AM -0600, Dagmar d'Surreal wrote:
> Being able to back out changes like this practically requires one to
> adopt a package management system of some sort, and is going to be
> mentioned explicitly once I get around to explanation of why people
> should be separating the build process out and onto some other machine. 
> (In practice, there's also no real need to have an entire compiler suite
> on one's firewall, unless you want to help script kiddies put together
> their rootkit.)

Need is purely a POV situation. I like keeping the compiler on an
encrypted fs in case I need it, however there is validity to package
management as well. I don't think the book should default to removing
the compiler or assume any particular package manager. The first is an
admin policy decision and the latter is an admin preference decision. We
need to stick with specifics, and where apropos, list more than one
possibility, if only for an educational boost.


If a thousand men were not to pay their tax-bills this year, that would
... [be] the definition of a peaceable revolution, if any such is

- Henry David Thoreau
