[MLB-WIRELESS] IP Tables.
Donovan Baarda
abo at minkirri.apana.org.au
Wed Apr 6 11:59:59 EST 2005
On Wed, 2005-04-06 at 10:55 +1000, Peter Lieverdink wrote:
> On Wed, 2005-04-06 at 10:32 +1000, Donovan Baarda wrote:
> > On Wed, 2005-04-06 at 01:11 +1000, sanbar wrote:
> > [...]
> >
> > I'm amazed people still even consider writing iptables rules. There are
> > tons of decent firewall packages out there that will do it all for you.
> > Why re-invent the wheel when you can focus on tweaking the car.
>
> Why should anyone blindly trust a firewall-frontend package maintainer?
> Or install a big frontend just to set up a firewall?
>
> - P.
Because I want to have a life, and am prepared to delegate trust to the
vast community that doesn't have one and has developed/tested/audited
the firewall-front end for me.
In fact, I trust this community to get it right better than I trust
myself... many eyes etc.
This level of thinking will eventually have you security auditing
assembler code. Auditing C code is not enough; the compiler is also an
attack vector.
Also, shorewall hardly constitutes a "big frontend".
--
Donovan Baarda <abo at minkirri.apana.org.au>
http://minkirri.apana.org.au/~abo/
To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message
More information about the Melbwireless
mailing list