
Re: Proposal: enable stateless persistent network interface names



On Mon, May 11, 2015 at 07:40:38PM +0200, Karsten Merker wrote:
> On Mon, May 11, 2015 at 09:29:21AM +0100, Jonathan Dowland wrote:
> > On Fri, May 08, 2015 at 11:03:55PM +0200, Marc Haber wrote:
> > > On Fri, 8 May 2015 13:33:06 -0700, josh@joshtriplett.org wrote:
> > > >There are much better alternatives for most common cases.
> > > 
> > > For example being?
> > 
> > ufw is quite nice.
> 
> AFAICS (please correct me if I am wrong) ufw appears to be
> designed for simple "block all access from everywhere on all
> interfaces and explicitly allow exceptions for a few services
> from everywhere" setups, but anything more complex appears to be
> out of its scope.
> 
> So while it is surely nice and useful for the use case it was
> designed for, I cannot see it as a replacement for traditional
> iptables scripts if your setup is even slightly more complex.

The thread I was replying to was 'common cases'. UFW indeed can't do
more complex things, but it is more sophisticated than your summary:
it can do rate limiting and various other things beyond simple
deny-by-default. I wasn't proposing it as a replacement for bare
iptables in all cases.

