public inbox for gentoo-user@lists.gentoo.org
From: "Dave Nebinger" <dnebinger@joat.com>
To: <gentoo-user@lists.gentoo.org>
Subject: RE: [gentoo-user]  Re: iptables example on Gentoo
Date: Wed, 07 Sep 2005 15:53:44 -0400
Message-ID: <005201c5b3e5$dad1ea80$4501010a@jnetlab.lcl>
In-Reply-To: <loom.20050907T210545-761@post.gmane.org>

> > That's all I'm going to say in the face of all this needlessly insulting
> > behaviour.
> 
> Holly, I have not nor do not intend to insult or constipate anyone.
> Sincere apologies. However, I find this very strange that published
> rulesets do not exist for iptables/netfilter, for simple and common
> things like a home-office router with (3) nics, including LAN, WAN
> and DMZ with optional web and dns(internal) servers. If you find my
> sharing these thoughts with you, and the 50 times I've had to write
> that I'm interested in iptables/netfilters and not shorewall, then
> I think you are a bit too sensitive about divergent opinions.

Up to now I haven't really wanted to have someone bounced from the list; but
your lack of sensitivity and generally insulting manners make you the first
obvious candidate for such a bouncing.

> > Good morning, this is the general users list. If you want the security
> > experts, try
> 
> > gentoo-security  	For the discussion of security issues and fixes
> > gentoo-hardened 	For a security hardened version of Gentoo
> 
> You mean I have to go to this group to find detailed documentation
> in iptables/netfilter rulesets that are indeed secure, published,
> and used in more than one place?

Why do you think that iptables/netfilter is exclusive to gentoo?  It is a
general Linux question; iptables is not a product of gentoo.

There are no such published, shared rule sets because each site has its own
security requirements and places different priorities upon the rules.  Some
will prioritize the connection tracking rules above the service rules (to
optimize outbound active connections over new service connections) whilst
others will prioritize them in the opposite direction.  And the services
themselves can be prioritized differently.

If you really want the down and dirty on iptables, go out and buy "Linux
Firewalls" by Ziegler and Constantine.  It describes every nook and cranny
of iptables.

In the meantime, welcome to my kill file.



-- 
gentoo-user@gentoo.org mailing list
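
The rule-ordering trade-off mentioned in the message above, as an added example that is not part of the original post: a toy first-match model of a single filter chain, comparing "connection tracking first" with "services first". The rule labels, ports and traffic mix are constructed for illustration, and the model assumes all rules are ACCEPT rules under a DROP policy.

```python
# Added illustration: first-match-wins traversal of one chain (as netfilter
# does), counting how many rules each packet is compared against.
from collections import namedtuple

Packet = namedtuple("Packet", "state dport")  # constructed, simplified packet

# (label, predicate) pairs; every rule is an ACCEPT, chain policy is DROP.
CONNTRACK = ("established", lambda p: p.state in ("ESTABLISHED", "RELATED"))
SERVICES = [
    ("ssh",  lambda p: p.state == "NEW" and p.dport == 22),
    ("http", lambda p: p.state == "NEW" and p.dport == 80),
    ("dns",  lambda p: p.state == "NEW" and p.dport == 53),
]

conntrack_first = [CONNTRACK] + SERVICES   # favours packets of active flows
services_first = SERVICES + [CONNTRACK]    # favours new service connections

def evaluate(chain, packet):
    """Return (verdict, rules_checked) for one packet."""
    for checked, (_label, match) in enumerate(chain, start=1):
        if match(packet):
            return "ACCEPT", checked
    return "DROP", len(chain)              # fell through to the policy

def total_checks(chain, traffic):
    """Total rule comparisons needed to filter the whole traffic sample."""
    return sum(evaluate(chain, p)[1] for p in traffic)

def verdicts(chain, traffic):
    return [evaluate(chain, p)[0] for p in traffic]

def make_traffic(established, new_each):
    """Constructed mix: packets of existing flows plus new attempts per port.
    Port 23 has no rule, so those packets reach the DROP policy."""
    traffic = [Packet("ESTABLISHED", 40000)] * established
    for port in (22, 80, 53, 23):
        traffic += [Packet("NEW", port)] * new_each
    return traffic

if __name__ == "__main__":
    for name, mix in (("mostly established", make_traffic(100, 1)),
                      ("mostly new", make_traffic(1, 100))):
        print(name,
              "conntrack_first:", total_checks(conntrack_first, mix),
              "services_first:", total_checks(services_first, mix))
```

Both orderings produce the same verdicts here because the rules do not overlap; only the per-packet cost shifts, which is why the preferred order depends on each site's traffic and priorities.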


