From: jarry@gmx.net
To: gentoo-user@lists.gentoo.org
Date: Wed, 05 Jul 2006 12:49:44 +0200
Subject: Re: Re: [gentoo-user] Protecting my server against an individual
Message-ID: <20060705104944.36560@gmx.net>
In-Reply-To: <44AB6C6A.9040008@mid.message-center.info>

Alexander Skwar wrote:

> > you're running a firewall of some kind (and you'd be crazy not to for
> > any publicly accessible box),
>
> Actually, I'd disagree. If only the necessary publicly accessible
> services are running on a box, what good should a "firewall" (I suppose
> you mean packet filter, like iptables) do? The only useful measure I can
> think about is to do rate limiting. But what else?

Just to name a few:

- permitting certain services for certain hosts (ip/mac based)
- time/cpu-load based restriction on certain services
- filtering malformed/fragmented packets
- implementing a port-knocking feature
- statistical evaluation of traffic (ip/protocol/service based)

etc. All of the above mentioned is probably possible to do using different
methods, but why not use iptables for it?

Jarry

-- 
Real DSL flat rate permanently for 0,- Euro*! "Feel free" with GMX DSL! http://www.gmx.net/de/go/dsl
-- 
gentoo-user@gentoo.org mailing list
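As an added illustration of the measures listed in the mail above (this is example code written for this page, not a script from Jarry or from the Gentoo project), the ruleset below implements per-host (IP/MAC) access, a time-based restriction, malformed/fragmented packet filtering, rate limiting and port knocking with the `recent` match, plus a counting chain for per-protocol traffic statistics. The interface `eth0`, the admin host `192.0.2.10` with MAC `00:11:22:33:44:55`, the knock sequence `7000 -> 8000 -> 9000` and the hidden SSH port `2222` are all hypothetical values chosen for the example. Setting `IPT="echo iptables"` prints the rules instead of applying them, which is how to review the result before running it as root.

```shell
#!/bin/sh
# Added example, not part of the original mail: an iptables ruleset that puts
# several of the measures from Jarry's list into practice.
# Hypothetical assumptions: eth0 is the public interface, 192.0.2.10 with MAC
# 00:11:22:33:44:55 is the admin workstation, and knocking 7000 -> 8000 -> 9000
# opens a hidden SSH port 2222 for 30 seconds.
# Run with IPT="echo iptables" to print the rules instead of applying them.
IPT="${IPT:-iptables}"
PUB_IF=eth0
ADMIN_IP=192.0.2.10
ADMIN_MAC=00:11:22:33:44:55

ipt() { $IPT "$@"; }   # $IPT deliberately unquoted so "echo iptables" splits

build_rules() {
    # default-deny inbound; loopback and replies to our own traffic are fine
    ipt -P INPUT DROP
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # filtering malformed/fragmented packets: fragments, NEW without SYN,
    # and impossible TCP flag combinations used by scanners
    ipt -A INPUT -i "$PUB_IF" -f -j DROP
    ipt -A INPUT -i "$PUB_IF" -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
    ipt -A INPUT -i "$PUB_IF" -p tcp --tcp-flags ALL NONE -j DROP
    ipt -A INPUT -i "$PUB_IF" -p tcp --tcp-flags ALL ALL -j DROP
    ipt -A INPUT -i "$PUB_IF" -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

    # per-host (ip/mac based) permission: SSH only from the admin box
    ipt -A INPUT -i "$PUB_IF" -p tcp --dport 22 -s "$ADMIN_IP" \
        -m mac --mac-source "$ADMIN_MAC" -j ACCEPT

    # time-based restriction: FTP reachable only on weekdays in office hours
    ipt -A INPUT -i "$PUB_IF" -p tcp --dport 21 -m time \
        --timestart 08:00 --timestop 18:00 --weekdays Mon,Tue,Wed,Thu,Fri -j ACCEPT

    # rate limiting: a source that opens 4+ new SMTP connections in 60 s is dropped
    ipt -A INPUT -i "$PUB_IF" -p tcp --dport 25 -m conntrack --ctstate NEW \
        -m recent --name smtp --set
    ipt -A INPUT -i "$PUB_IF" -p tcp --dport 25 -m conntrack --ctstate NEW \
        -m recent --name smtp --update --seconds 60 --hitcount 4 -j DROP
    ipt -A INPUT -i "$PUB_IF" -p tcp --dport 25 -j ACCEPT

    # port knocking with the recent module: each knock is dropped so the port
    # looks closed, but the source is remembered for the next stage
    ipt -A INPUT -i "$PUB_IF" -p tcp --dport 7000 -m recent --name K1 --set -j DROP
    ipt -A INPUT -i "$PUB_IF" -p tcp --dport 8000 -m recent --name K1 --rcheck --seconds 10 \
        -m recent --name K2 --set -j DROP
    ipt -A INPUT -i "$PUB_IF" -p tcp --dport 9000 -m recent --name K2 --rcheck --seconds 10 \
        -m recent --name K3 --set -j DROP
    ipt -A INPUT -i "$PUB_IF" -p tcp --dport 2222 -m recent --name K3 --rcheck --seconds 30 \
        -j ACCEPT

    # statistical evaluation: a counting chain per protocol; read the packet and
    # byte counters with "iptables -L STATS -v -n -x" and graph them
    ipt -N STATS
    ipt -A STATS -p tcp
    ipt -A STATS -p udp
    ipt -A STATS -p icmp
    ipt -I INPUT 1 -j STATS
}

# apply only when invoked as "sh firewall.sh apply"; otherwise just define functions
if [ "${1-}" = "apply" ]; then
    build_rules
fi
```

The one item from the list with no native iptables match is the CPU-load based restriction; that needs an external job (reading `/proc/loadavg` from cron, for instance) that inserts or removes an ACCEPT rule, which is still iptables doing the enforcement. On kernels of the 2006 era the `conntrack` match would be spelled `-m state --state`.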