-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi folks,
Am Di den 6. Dez 2016 um 0:07 schrieb Daniel Reurich: > On 06/12/16 05:50, Lars Noodén wrote: > > Where should we be commending the storage of iptables rules in Devuan > > Jessie? > > There should not be a default location. It should be left to each > firewall application to define. This is particularly important as > iptables has a competitor in nftables and likely to be deprecated at > some point so we can't guarantee into the future that iptables will > always exist. Well, I think, there should be an advice. Historical I use /var/lib/iptables. But that is only great when using dynamic iptables. Present days I do them manually so /etc/something might be better. > Generally a well setup Linux system has no network connectable services > running that aren't intended to be, in which case it's relatively > resistant to hacking attempts. This means firewall in a well secured > network is generally not necessary or desirable. The only instance I'd > consider a workstation firewall is a laptop connecting to untrusted > networks regularly. Well, except avahi, cups, samba, ntp, rpcbind and some other bad designed tools that default listen on 0.0.0.0 and that are pulled in with a common linux desktop installation. Regards Klaus - -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <kl...@ethgen.ch> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C -----BEGIN PGP SIGNATURE----- Comment: Charset: ISO-8859-1 iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAlhGfOIACgkQpnwKsYAZ 9qwjTAwAplGCDBgKXqCG6dBTDGQMvSq7njhWqfnjgzGVPXc6zrcVvF2HHpJd5D7Q MnmMzoEHRa7dma9JAThaAU4qY/zJJH9/k9EOpNUE1Ktx/3wWuQ+BOjggD5ogmVcY wjKPgiwkf9v55CWGVRPWas2IRZL6z+SqUcJMPDEId02EUiiAZMDGRc8K8RRKtkTY onX7Cbe2YMM9l4ngmTEqmkkns10+dRlWe5aB1FfFtSKYE6js4fQLpI43nZjcol74 5Qz5Er96gsTgfTMwk6VCqBPLD/CMb30x2npbKwOQigVlHHxeBAsJ7Gu2MizL/JAV tCuWRaCsj2CDPrhcwOQd8FifzJawUEMLzBNv04XSBUrthJEiutJ4W9VWOVWb/sd8 8Kp0WQBZI+gvuqDq9psl+n2dF8ifjBwioo07jWF1IniVNoI77/HOVQH6SDwY4OWR P4LWH3irqseCdRHY87Q5qn6eevO2S4g74EGMA9zUJTwSnEDgg23/aw0YUqNFPOHZ xA4uEeST =+yMS -----END PGP SIGNATURE----- _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
