On Mon, May 11, 2015 at 07:40:38PM +0200, Karsten Merker wrote:
> On Mon, May 11, 2015 at 09:29:21AM +0100, Jonathan Dowland wrote:
> > On Fri, May 08, 2015 at 11:03:55PM +0200, Marc Haber wrote:
> > > On Fri, 8 May 2015 13:33:06 -0700, j...@joshtriplett.org wrote:
> > > >There are much better alternatives for most common cases.
> > >
> > > For example being?
> >
> > ufw is quite nice.
>
> AFAICS (please correct me if I am wrong) ufw appears to be
> designed for simple "block all access from everywhere on all
> interfaces and explicitly allow exceptions for a few services
> from everywhere" setups, but anything more complex appears to be
> out of its scope.
>
> So while it is surely nice and useful for the use case it was
> designed for, I cannot see it as a replacement for traditional
> iptables scripts if your setup is even slightly more complex.

The thread I was replying to was 'common cases'. UFW indeed can't do more complex things, but it is more sophisticated than your summary: it can do rate limiting and various other things beyond simple deny-by-default. I wasn't proposing it as a replacement for bare iptables in all cases.