On Thursday 03 January 2002 19:38 pm, Douglas J Hunley wrote:
> Joel Hammer babbled on about:
> > I would STRONGLY urge you not to use any script for your security.
> > Scripts are basically black boxes. You can't rely on a black box. You
> > have to know about security.
>
> I know. But they are usually good starting points.
>
> I already know ipchains inside and out. My ipchains script is even up on
> the SxS. But I wanted something to look at for iptables. Helps me figure it
> out..

When I was running eD2.4, I knew how ipchains worked.... although I still used a script to implement them. But I can tell you I spent a LOT of time dinking with the rules to try to get ipchains to let me get out for vnc, irc, and many other weird protocol things and it wasn't a happy situation. Iptables doesn't have these problems. It will let almost anything get OUT, and remembers that a response is due back IN. But won't allow (if you set it that way) strange things to get in, possibly through the holes you made to let something out. It's a whole lot better situation in my view.

My $.02.

-- 
+----------------------------------------------------------------------------+
+ Bruce S. Marshall  [EMAIL PROTECTED]  Bellaire, MI  01/03/02 20:37         +
+----------------------------------------------------------------------------+
"Books are good enough in their own way, but they are a mighty bloodless
substitute for life." - Robert Louis Stevenson

_______________________________________________
Linux-users mailing list
Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
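
The contrast drawn in the reply above, between judging each packet alone and remembering that a response is due back in, as an added example that is not part of the original thread: a simplified Python model, not netfilter code. The addresses, ports and the stateless rule "allow inbound to ports >= 1024" are constructed assumptions; related-connection handling and timeouts are left out.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    direction: str  # "OUT" leaves the host, "IN" arrives at it
    src: str
    sport: int
    dst: str
    dport: int

def stateless_filter(packets):
    """Per-packet rules with no memory (the ipchains situation).
    Assumed rule set: allow all OUT; allow IN to ports >= 1024 so that
    replies to outbound connections can come back."""
    return [p.direction == "OUT" or p.dport >= 1024 for p in packets]

def stateful_filter(packets):
    """Connection tracking (the iptables situation): allow all OUT and
    remember the flow; allow IN only if it reverses a remembered flow."""
    flows = set()
    verdicts = []
    for p in packets:
        if p.direction == "OUT":
            flows.add((p.src, p.sport, p.dst, p.dport))
            verdicts.append(True)
        else:
            # A reply has source and destination swapped relative to the request.
            verdicts.append((p.dst, p.dport, p.src, p.sport) in flows)
    return verdicts

# Constructed sample traffic (documentation address ranges).
HOST, IRC, STRANGER = "192.0.2.10", "198.51.100.5", "203.0.113.66"
SAMPLE = [
    Packet("OUT", HOST, 40000, IRC, 6667),      # host connects out to IRC
    Packet("IN", IRC, 6667, HOST, 40000),       # the server's reply
    Packet("IN", STRANGER, 31337, HOST, 5900),  # unsolicited, to the VNC port
    Packet("IN", STRANGER, 6667, HOST, 40000),  # right ports, wrong peer
]

if __name__ == "__main__":
    for name, check in (("stateless", stateless_filter),
                        ("stateful", stateful_filter)):
        for pkt, ok in zip(SAMPLE, check(SAMPLE)):
            print(f"{name:9} {'ACCEPT' if ok else 'DROP':6} {pkt}")
```

The stateless rule set accepts all four packets because the hole opened for replies also matches the unsolicited ones; the stateful filter accepts only the outbound packet and its genuine reply.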