From: jarry@gmx.net
To: gentoo-user@lists.gentoo.org
Subject: Re: Re: [gentoo-user] Protecting my server against an individual
Date: Wed, 05 Jul 2006 12:49:44 +0200 [thread overview]
Message-ID: <20060705104944.36560@gmx.net> (raw)
In-Reply-To: <44AB6C6A.9040008@mid.message-center.info>
Alexander Skwar <listen@alexander.skwar.name> wrote:
> > you're running a firewall of some kind (and you'd be crazy not to for
> > any publically accessible box),
>
> Actually, I'd disagree. If only the necessary publicly accessible
> services
> are running on a box, what good should a "firewal" (I suppose you mean
> packet filter, like iptables) do? The only useful measure I can think
> about, is to do rate limiting. But what else?
Just to name a few:
-permitting certain services for certain hosts (ip/mac based)
-time/cpu-load based restriction on certain services
-filtering malformed/fragmented packets
-implementing port-knocking feature
-statistical evaluation of traffic (ip/protocol/service based)
etc.
All of the above mentioned is probably possible to do using
different method, but why not use iptables for it?
Jarry
--
Echte DSL-Flatrate dauerhaft für 0,- Euro*!
"Feel free" mit GMX DSL! http://www.gmx.net/de/go/dsl
--
gentoo-user@gentoo.org mailing list
next prev parent reply other threads:[~2006-07-05 11:06 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-07-04 22:56 [gentoo-user] Protecting my server against an individual Grant
2006-07-04 23:54 ` [gentoo-user] " James
2006-07-05 0:38 ` Grant
2006-07-05 0:51 ` Dale
2006-07-05 2:17 ` Thomas Cort
2006-07-05 3:37 ` James
2006-07-05 7:35 ` Alexander Skwar
2006-07-05 1:57 ` [gentoo-user] " Ryan Tandy
2006-07-05 7:38 ` Alexander Skwar
2006-07-05 9:23 ` Trenton Adams
2006-07-05 11:02 ` Alexander Skwar
2006-07-05 12:03 ` jarry
2006-07-05 16:38 ` Daniel da Veiga
2006-07-05 10:49 ` jarry [this message]
2006-07-05 12:45 ` W.Kenworthy
2006-07-05 16:40 ` Ryan Tandy
2006-07-05 23:31 ` Lord Sauron
2006-07-05 23:58 ` Ryan Tandy
2006-07-06 0:30 ` Steven Susbauer
2006-07-06 0:36 ` Ryan Tandy
2006-07-06 7:07 ` Lord Sauron
2006-07-06 14:39 ` Daniel da Veiga
2006-07-07 16:46 ` Devon Miller
2006-07-06 6:11 ` Alexander Skwar
2006-07-06 7:12 ` Lord Sauron
2006-07-06 9:12 ` Alexander Skwar
2006-07-11 7:40 ` Daevid Vincent
2006-07-05 2:35 ` Thomas Cort
2006-07-05 10:22 ` Daniel
2006-07-05 13:36 ` [gentoo-user] " dnlt0hn5ntzhbqkv51
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060705104944.36560@gmx.net \
--to=jarry@gmx.net \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox