Steve Litt <sl...@troubleshooters.com> wrote:

> Good point. Here in my house, I trust everyone with a physical console,
> so individual computers have simple or no firewalls.

I'm running servers where you have to assume everyone is out to get you.

> My Internet
> firewall is pfSense, and every once in a while I use OpenBSD/pf instead:
> I long ago gave up dealing with iptables.

I've done a little with iptables, but normally use Shorewall. The only systems 
I don't use Shorewall on are my Xen hosts where I run a small hand-crafted 
iptables setup. So each interface name appears there.

And there's the systems doing PPPoE - so interface name embedded in PPP config.

Then I have a fair bit of data collection (interface stats etc), mostly with 
shell scripts feeding into RRD databases (some of them Cacti, some outside of 
Cacti). So multiple mentions of interface names there.

And finally I have Nagios doing a load of monitoring. Some of that involves 
using arping (which needs to be told which interface to use) to monitor MAC-IP 
mappings to detect added/removed devices, and more importantly, duplicated 
addresses (2 devices set on same address).

All in all, it soon adds up. Just one more area where the freedesktop guys 
really don't have a 'kin clue how systems in the real world get used. Now some 
of these instances could use a "centrally provided" file by way of includes or 
similar (at least my custom scripts could) - but not all of these uses offer 
that facility, nor do those that do support a single format.
All in all, the easiest way by far is to use stable and user(admin) set names 
for interfaces!

> AFAIK, those merry jesters
> from FreeDesktop.Org consider BSD not important enough to sabotage.

:-)
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
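
The arping-based MAC-IP monitoring mentioned in the message above, sketched as a Nagios-style check (an added example, not part of the original post or the poster's own scripts). It assumes iputils arping reply lines of the form `Unicast reply from IP [MAC]  time`; the interface name `eth0`, the addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify arping replies for one IP using Nagios exit codes.
OK=0; WARNING=1; CRITICAL=2

# Constructed sample: two different MACs answer for the same address.
SAMPLE_DUP='ARPING 192.0.2.10 from 192.0.2.1 eth0
Unicast reply from 192.0.2.10 [00:16:3E:00:00:01]  0.61ms
Unicast reply from 192.0.2.10 [00:16:3E:00:00:02]  0.84ms
Sent 2 probes (1 broadcast(s))'

# classify_replies EXPECTED_MAC   (arping output is read from stdin)
classify_replies() {
    expected=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    # Distinct MACs that replied, upper-cased so case differences do not matter.
    macs=$(sed -n 's/.*reply from [^ ]* \[\([0-9A-Fa-f:]*\)\].*/\1/p' \
           | tr 'a-f' 'A-F' | sort -u)
    if [ -z "$macs" ]; then
        echo "WARNING: no ARP reply (device removed or down)"
        return $WARNING
    fi
    count=$(printf '%s\n' "$macs" | grep -c .)
    if [ "$count" -gt 1 ]; then
        # More than one MAC claims the address: duplicated IP.
        echo "CRITICAL: duplicate address, replies from:" $macs
        return $CRITICAL
    fi
    if [ "$macs" != "$expected" ]; then
        echo "WARNING: MAC changed, expected $expected got $macs"
        return $WARNING
    fi
    echo "OK: $macs"
    return $OK
}

# check_ip IFACE IP EXPECTED_MAC
# Live use: arping has to be told the interface, so a renamed interface
# breaks this check until the name here is updated.
check_ip() {
    arping -I "$1" -c 3 "$2" 2>/dev/null | classify_replies "$3"
}

# Demo on the constructed sample (prints the CRITICAL line).
printf '%s\n' "$SAMPLE_DUP" | classify_replies 00:16:3e:00:00:01 || true
```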
