On Wed, 2004-04-07 at 10:01, Andrew Jorgensen wrote:
> On Tue, 2004-04-06 at 17:37, Gabriel Gunderson wrote:
> > You'll never find anything that does it better than writing a script by
> > hand...
>
> When it comes to something security-related this is so very wrong. Doing
> it yourself means you get to make all the same mistakes everyone else
> made when they did it themselves.

WHAT? I don't know what you're smoking. There is NO way a canned solution can give you the lock-down on your network traffic that your own rules can. Yea, you might have to learn something in the process, but when you are done you know exactly what may or may not happen on your network.

> I'll bet you use an early version of
> WEP on your wireless network don't you? The people who invented WEP had
> the same idea: let's just do it ourselves!

I don't pretend to secure wireless. But good guess.

> No, If you want to learn iptables, go learn iptables. If you want to
> secure a network, use a well-respected peer-reviewed solution. If you
> want to do both, experiment with iptables in some safe environment and
> then see if you can't contribute something to your favorite
> well-respected peer-reviewed project.

Really, I'm shocked to hear this from anyone on this list. I'll agree that there are projects out there that will do a "good enough" job but what if it doesn't do exactly what I want it to? That is the beauty of Linux - do just what you want. Sure, for some it's a matter of "giving them just enough rope to hang themselves" but for the rest of us it's a huge relief that we don't have to depend on others to decide what our priorities are.

So, use a canned solution when you just want it to work. Do it yourself when you have time and really want control.

iptables fan,
G

____________________
BYU Unix Users Group
http://uug.byu.edu/
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
