On Thu, Jul 05, 2001 at 03:21:43PM +1000, Crossfire ([EMAIL PROTECTED]) wrote:
> Jobst Schmalenbach was once rumoured to have said:
> > On Thu, Jul 05, 2001 at 11:18:35AM +1000, Crossfire ([EMAIL PROTECTED]) wrote:
[snip]
> Then use ipf which does do things that way.
>
> iptables is bad for people serious about learning because they'll use
> the stateful rules and not learn about whats going on. If you're
> serious about doing anything in this field, you need to understand how
> to filter statelessly, since the majority of packetfilters work in
> that manner.
>
> ie: hard path first, then you can be lazy.
So it *IS* ending up that leg of ((Pascal vs. C)First) ..... ok, I byte.
If you inform yourself using books (eg. Zwicky&Chapman/O'reilly/HOWTOS)
about what a firewall has to achieve, than I dont see the point writing rules
for ipchains, when I just a few weeks later have to re-write them to
make 'em suit to iptables, peoples time cost money after all.
jobst
--
Computers are like air conditioners, they stop working properly if you open Windows.
| __, Jobst Schmalenbach, [EMAIL PROTECTED], Technical Director|
| _ _.--'-n_/ Barrett Consulting Group P/L & The Meditation Room P/L |
|-(_)------(_)= +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia|
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
