Alexander Skwar <[EMAIL PROTECTED]> wrote:
> > you're running a firewall of some kind (and you'd be crazy not to for
> > any publicly accessible box),
>
> Actually, I'd disagree. If only the necessary publicly accessible services
> are running on a box, what good should a "firewall" (I suppose you mean
> packet filter, like iptables) do? The only useful measure I can think
> of is rate limiting. But what else?
Just to name a few:
- permitting certain services for certain hosts (IP/MAC based)
- time/CPU-load based restriction on certain services
- filtering malformed/fragmented packets
- implementing a port-knocking feature
- statistical evaluation of traffic (IP/protocol/service based)
etc.

All of the above is probably possible to do using different methods, but why not use iptables for it?

Jarry
--
[email protected] mailing list
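The uses listed in that reply, written out as one iptables ruleset. This is an added example, not code from the thread or from any project it mentions. The admin address and MAC, the knock ports, the time window and the rate limits are constructed placeholders; the CPU-load based restriction is left out because netfilter has no load match (it would be a cron job adding and removing a rule). The script prints the commands unless APPLY=1 is set, so it can be read and checked without root.

```shell
#!/bin/sh
# Added example: an iptables ruleset covering the uses listed in the reply above.
# All addresses, ports and time windows below are constructed placeholders.
# Commands are printed unless APPLY=1 is set, so the ruleset can be reviewed
# (and the test run) without root or netfilter.

IPT="${IPT:-iptables}"
APPLY="${APPLY:-0}"

ADMIN_IP="192.0.2.10"                   # constructed (RFC 5737 documentation range)
ADMIN_MAC="00:11:22:33:44:55"           # constructed
KNOCK1=7000; KNOCK2=8000; KNOCK3=9000   # constructed knock sequence
KNOCK_WINDOW=10                         # seconds allowed between knocks / to connect

run() {
    if [ "$APPLY" = "1" ]; then
        "$IPT" "$@"
    else
        printf '%s %s\n' "$IPT" "$*"
    fi
}

emit_ruleset() {
    # Baseline: loopback and already-established flows first, so that applying
    # these rules over an SSH session does not cut it off.
    run -A INPUT -i lo -j ACCEPT
    run -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Malformed / fragmented packets. Note: with conntrack loaded, IPv4 is
    # reassembled before INPUT, so the -f rule mostly matters without conntrack.
    run -A INPUT -m conntrack --ctstate INVALID -j DROP
    run -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
    run -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
    run -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
    run -A INPUT -f -j DROP

    # Statistical evaluation: a per-service accounting chain. Its packet/byte
    # counters are read with: iptables -L COUNT_SSH -n -v -x
    run -N COUNT_SSH
    run -A COUNT_SSH -j RETURN
    run -A INPUT -p tcp --dport 22 -j COUNT_SSH

    # Service for one host, matched on IP and MAC. The MAC is only meaningful
    # when the host is on the same L2 segment; otherwise it is the router's.
    run -A INPUT -p tcp --dport 22 -s "$ADMIN_IP" -m mac --mac-source "$ADMIN_MAC" -j ACCEPT

    # Time-based restriction: rsync only on weekdays 02:00-04:00. xt_time
    # compares in UTC unless --kerneltz is given.
    run -A INPUT -p tcp --dport 873 -m time --timestart 02:00 --timestop 04:00 --weekdays Mon,Tue,Wed,Thu,Fri --kerneltz -j ACCEPT

    # Port knocking with xt_recent: KNOCK1 -> KNOCK2 -> KNOCK3 in order, each
    # within KNOCK_WINDOW seconds, then port 22 opens for that source.
    # Stage chains keep one -m recent action per rule.
    run -N K2STAGE
    run -A K2STAGE -m recent --name K1 --remove
    run -A K2STAGE -m recent --name K2 --set -j DROP
    run -N K3STAGE
    run -A K3STAGE -m recent --name K2 --remove
    run -A K3STAGE -m recent --name K3 --set -j DROP
    run -A INPUT -p tcp --dport 22 -m recent --name K3 --rcheck --seconds "$KNOCK_WINDOW" -j ACCEPT
    run -A INPUT -p tcp --dport "$KNOCK3" -m recent --name K2 --rcheck --seconds "$KNOCK_WINDOW" -j K3STAGE
    run -A INPUT -p tcp --dport "$KNOCK2" -m recent --name K1 --rcheck --seconds "$KNOCK_WINDOW" -j K2STAGE
    run -A INPUT -p tcp --dport "$KNOCK1" -m recent --name K1 --set -j DROP

    # Rate limiting (the one use Alexander granted): cap new HTTP connections
    # per source address, then accept the rest.
    run -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -m hashlimit --hashlimit-name http --hashlimit-mode srcip --hashlimit-above 30/min --hashlimit-burst 30 -j DROP
    run -A INPUT -p tcp --dport 80 -j ACCEPT

    # Whatever reaches here is logged (rate-limited) and dropped by policy.
    run -A INPUT -m limit --limit 3/min -j LOG --log-prefix "IPT-DROP: "
    run -P INPUT DROP
}

# Number of iptables invocations the ruleset produces, always in print mode
# (a subshell so an exported APPLY=1 cannot make this apply rules).
rule_count() {
    ( APPLY=0; emit_ruleset ) | grep -c "^$IPT "
}

emit_ruleset
```

Run it as `sh firewall.sh` to review the generated commands, and `APPLY=1 sh firewall.sh` as root to apply them. The script does not flush existing rules, so run it against a clean INPUT chain; the default-deny policy is set last so the ACCEPT rules are already in place when it takes effect.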

