RE: Block martians with source address 127.0.0.1

From: Thomas Corriher (thomas_corriher_at_earthlink.net)
Date: 06/04/04

    Date: Fri, 4 Jun 2004 09:50:07 -0400 (EDT)
    To: Bjørn Rasmussen <bjoernr@sensewave.com>
    
    

    I'm sure this thread will die soon, but it has given us
    pause to consider how complex network security is -- and the
    dangers of attempting to over-simplify the details. I
    apologize for my careless mistakes, and appreciate the
    technical corrections. My experience is with kernel chains
    (not tables), so I would need to do some homework myself
    before upgrading to the ip-tables -- or refresh my memory if
    I made major changes to my existing chains. All of us must
    do our homework or face consequences.

    The thing about having a logging rule on a separate line may
    be possible with the tables, but being possible does not
    make it wise. Frankly, I think doing that is stupid. It
    inserts unnecessary complexity and potentially places the
    rules which apply to a specific packet in completely different
    locations, which naturally could cause serious unintended
    consequences. It is almost common sense that this sort of
    stuff ought to be grouped together.

    -- 
      Thomas Corriher
      A.I.M.: corriherct
      phone: 336-391-2713
      "There's no such thing as legacies. At
      least, there is a legacy, but I'll never
      see it."
        -- George W. Bush
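
An added example, not part of the original message: in iptables, LOG is a non-terminating target, so a logged drop takes two rules, and a user-defined chain keeps the pair adjacent. The sketch below prints such a chain for loopback-sourced martians and audits `iptables -S` output for LOG rules that have drifted away from their verdict. The chain name, log prefix, rate limit and the 127.0.0.0/8 match are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Chain name, log prefix and rate limit
# are assumptions chosen for illustration.

# Print the iptables commands (for review before running them as root) that
# send loopback-sourced packets to one chain holding both LOG and DROP.
martian_rules() {
    chain="MARTIAN_LO"                      # hypothetical chain name
    echo "iptables -N $chain"
    echo "iptables -A $chain -m limit --limit 5/min -j LOG --log-prefix \"martian-lo: \""
    echo "iptables -A $chain -j DROP"
    echo "iptables -A INPUT ! -i lo -s 127.0.0.0/8 -j $chain"
    echo "iptables -A FORWARD -s 127.0.0.0/8 -j $chain"
}

# Read rules in `iptables -S` format on stdin and print every LOG rule that is
# not immediately followed by a verdict rule (DROP/REJECT/ACCEPT/RETURN) in
# the same chain with the same match. Exit status is 1 if any is found.
orphan_log_rules() {
    awk '
    function match_part(line) {
        sub(/ -j .*/, "", line)          # drop the target and its options
        gsub(/ -m limit --limit [^ ]+( --limit-burst [0-9]+)?/, "", line)
        return line                      # what is left: "-A CHAIN <matches>"
    }
    /^-A / {
        verdict = ($0 ~ / -j (DROP|REJECT|ACCEPT|RETURN)( |$)/)
        if (pending != "" && !(verdict && match_part($0) == want)) {
            print pending                # LOG rule separated from its verdict
            bad = 1
        }
        pending = ""
        if ($0 ~ / -j LOG( |$)/) { pending = $0; want = match_part($0) }
    }
    END {
        if (pending != "") { print pending; bad = 1 }
        exit bad + 0
    }
    '
}
```

On a live host the audit would be fed with `iptables -S | orphan_log_rules`; a log prefix that itself contains ` -j ` would confuse the simple match extraction.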
    
