also sprach Pascal Hambourg <pascal.mail@plouf.fr.eu.org> [2006.07.04.1505 +0200]:
> > accept ESTABLISHED,RELATED
> > drop INVALID
> > drop ! NEW
> > drop ! --syn
> > accept --dport ssh
> > drop
>
> Very bad ! The accept rule relies on previous drop rules.

I understand the fundamental issue very well. The things that can go
wrong here are:

- I accidentally delete or comment out one of the drop rules
- "drop ! NEW" doesn't do the same as "!drop NEW" due to a bug
- the universe folds in on itself

Are there any other ones I am overlooking?

-- 
Please do not send copies of list mail to me; I read the list!

 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system

a cigarette a day will make you fly away.
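
Added example, not part of the original mail: a simplified first-match model of the quoted ruleset in Python, listing which packets become accepted when drop rules are deleted, next to a variant whose ssh accept rule carries its own NEW and SYN conditions. The packet space, the rule labels and the self-contained variant are assumptions made for illustration; real conntrack has more states and the chain policy is not modelled.

```python
from itertools import product

STATES = ("NEW", "ESTABLISHED", "RELATED", "INVALID")
SSH = 22

# Constructed packet space: (conntrack state, SYN flag set, destination port).
PACKETS = list(product(STATES, (True, False), (SSH, 80)))

def chain(ssh_rule):
    """Quoted ruleset as (action, label, predicate) tuples in first-match order."""
    return [
        ("ACCEPT", "accept ESTABLISHED,RELATED",
         lambda s, syn, p: s in ("ESTABLISHED", "RELATED")),
        ("DROP", "drop INVALID", lambda s, syn, p: s == "INVALID"),
        ("DROP", "drop ! NEW", lambda s, syn, p: s != "NEW"),
        ("DROP", "drop ! --syn", lambda s, syn, p: not syn),
        ("ACCEPT", "accept ssh", ssh_rule),
        ("DROP", "drop", lambda s, syn, p: True),
    ]

# As quoted: the accept rule matches on the port only and relies on earlier drops.
DEPENDENT = chain(lambda s, syn, p: p == SSH)
# Hypothetical variant: the accept rule states its own conditions.
SELF_CONTAINED = chain(lambda s, syn, p: s == "NEW" and syn and p == SSH)

def accepted(rules):
    """Packets whose first matching rule is an ACCEPT."""
    out = set()
    for pkt in PACKETS:
        for action, _, match in rules:
            if match(*pkt):
                if action == "ACCEPT":
                    out.add(pkt)
                break
    return out

def newly_accepted(rules, removed):
    """Packets accepted only once the rules labelled in `removed` are deleted."""
    kept = [r for r in rules if r[1] not in removed]
    return accepted(kept) - accepted(rules)

if __name__ == "__main__":
    cases = (["drop INVALID"], ["drop ! NEW"], ["drop ! --syn"],
             ["drop INVALID", "drop ! NEW"])
    for removed in cases:
        for name, rules in (("dependent", DEPENDENT), ("self-contained", SELF_CONTAINED)):
            print(removed, name, sorted(newly_accepted(rules, removed)))
```

In this model "drop INVALID" and "drop ! NEW" back each other up, so only deleting both, or deleting "drop ! --syn", widens what the port-only accept rule lets through.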