Re: Why does Debian allow all incoming traffic by default

On Wed, Sep 26, 2018 at 04:07:33PM +0100, Joe wrote:
> You're only moving the problem around. Some completely standard piece of
> code *somewhere* has to know what is the right place to insert such a
> rule. I'll give you an example: neither the beginning nor the end of my
> INPUT chain is the right place, because I do some catch-all stuff about
> RELATED and INVALID at the beginning of the chain, and some assorted
> logging at the end. I don't want anything placed before or after those
> parts. In fact, the right place for my server firewall isn't in the
> INPUT chain at all, but in one of a few custom chains.

Exactly, it would not be worth attempting to support meshing your setup
with the system I sketched out. This is exactly the situation where I'd
say you go it alone instead, exactly as you do now.


--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄⠀⠀⠀⠀ Please do not CC me, I am subscribed to the list.