Linux Based Firewalls
bscott at ntisys.com
bscott at ntisys.com
Fri Nov 14 09:55:51 EST 2003
On Fri, 14 Nov 2003, at 9:43am, steveo at syslang.net wrote:
> A proper layer for creating a firewall is going to do a lot more
> boilerplate than you would probably know to do.
Again: There's no substitute for knowing what you're doing. If you don't
know what to do, how do you know your canned firewall script is going to do
the right thing for your needs?
> There's actually a lot of stuff (in the literature) that all firewalls
> should do that falls outside of the specific rules that you would come up
> for your specific needs.
That's a contradiction. By definition, one's specific needs are the
things that you need that "all firewalls" don't know about.
I agree that one should make sure that one's firewall policy implements
all the best possible defenses, but again, one needs to know what those
defenses are before you can use them correctly.
--
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind. |
More information about the gnhlug-discuss
mailing list