Devon & Cornwall Linux Users' Group


RE: When to blacklist source IP was: Re: [LUG] Snort



hi - i'm back!!!!!

hi nick - hope all's well.

i'm ready yet again to punt in my worthless opinions.

what way are the ipchains being used?  rather than using rules to deny
unwanted stuff, i think it's better to have the default policy as DENY and
then set up rules to ALLOW what you want.
maybe this would cut down on the number of rules required.

HTH,

kev

PS - did i miss an open source day?


on Thu, 30 Jan 2003, Purvis Robert wrote:
>
>> How many rules would you say are "too many" to cause ipchains to
>> crash? I'm just starting tightening up on one of our servers using
>> ipchains. I don't want to shoot myself in the foot.
>
> I refused to use IPChains, as it always seemed to me BAD
> (broken-as-designed).  Used BSD for firewall+NAT in the days of
> (linux) kernel 2.2.
>
> But with IPTables, you can use seemingly unlimited numbers of rules.
> I've run the complete SPEWS level 1 list - together with a small number
> of rules for traffic other than SMTP - on a medium-size box (much
> smaller than any you could buy today) whose primary purpose is
> not firewalling.
>
>
> --
> Nick Kew
>
>
> --
> The Mailing List for the Devon & Cornwall LUG
> Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
> message body to unsubscribe.
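The default-DENY approach kev suggests above (drop everything by policy, then list only what you ALLOW), together with Nick's point that iptables copes with a very long blocklist, as an added shell example. This is not code from the list post; it targets iptables rather than ipchains, and the `IPT` variable defaults to a dry-run `echo` so the functions only print the commands they would run. Set `IPT=iptables` as root to apply them; the port list, interface assumptions and blocklist format are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the list post): generate a default-DENY iptables
# ruleset. Everything is dropped by policy and only ALLOW rules are listed,
# which keeps the rule count small. IPT defaults to a dry-run echo so the
# script runs offline; set IPT=iptables (as root) to actually apply rules.
IPT="${IPT:-echo iptables}"

# build_default_deny "22 25 80": emit the policies and the allow rules for
# the given TCP ports. Assumes a single-host firewall with stateful
# tracking available (-m state), as found on any 2.4+/2.6+ kernel.
build_default_deny() {
    ports="$1"
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -F INPUT
    # loopback is always allowed
    $IPT -A INPUT -i lo -j ACCEPT
    # replies to connections this host opened itself
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # one ALLOW rule per service we actually run; nothing else gets in
    for p in $ports; do
        $IPT -A INPUT -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
}

# build_blacklist FILE: each non-comment line is a source address or CIDR
# block dropped unconditionally. The entries live in their own chain that
# INPUT jumps to first, so a large list (thousands of entries) is easy to
# reload without touching the ALLOW rules.
build_blacklist() {
    $IPT -N BLACKLIST
    $IPT -F BLACKLIST
    while read -r net; do
        case "$net" in ''|'#'*) continue ;; esac
        $IPT -A BLACKLIST -s "$net" -j DROP
    done < "$1"
    $IPT -I INPUT 1 -j BLACKLIST
}
```

Run it with no arguments in a dry-run to review the generated commands before applying them; the blocklist chain is inserted at position 1 so blocked sources are rejected before any ALLOW rule is consulted.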



