Re: [fw-wiz] Firewalling at the domain users level instead of network level

To: debian-firewall@lists.debian.org
Subject: Re: [fw-wiz] Firewalling at the domain users level instead of network level
From: Daniel Pittman <daniel@rimspace.net>
Date: Thu, 22 Jul 2004 12:29:25 +1000
Message-id: <[🔎] 87fz7klqpm.fsf@enki.rimspace.net>
References: <40FA1B9E.7070206@netvisao.pt> <A0F682D2-D9AF-11D8-8C40-003065ABFD92@codefab.com> <[🔎] 40FDE4E3.50502@netvisao.pt> <[🔎] 87r7r6nfla.fsf@enki.rimspace.net> <[🔎] 1090391655.933.16.camel@charlie.generalpants.com.au> <[🔎] 877jsxoly5.fsf@enki.rimspace.net> <[🔎] 40FEA718.2000501@netvisao.pt>

On 22 Jul 2004, Santos wrote:
> Daniel Pittman wrote:
>> On 21 Jul 2004, charlie wrote:
>>> On Wed, 2004-07-21 at 14:34, Daniel Pittman wrote:
>>>> On 21 Jul 2004, Santos wrote:
>>>>> Chuck Swiger wrote:
>>>>>> On Jul 18, 2004, at 2:41 AM, Santos wrote:

[...]

>>>>> From my years of experience, I would advise that you go back to your
>>>> client and suggest to them, gently but firmly, that trying to apply a
>>>> technical solution to a social problem is seldom effective.
>
> Well this was one of the main concerns the client talked about,  as it
> it is now, everyone can access everything, and the client doesn't like
> it. Not that the client wants to implement a china firewall/restrictions
> or something it's just that the client doesn't want people to access
> files and resources they shouldn't be accessing.  

*nod*

> And let me disagree a little with you, sometimes applying a techical
> solution to a social problem works much more than seldomly, you just
> can't say to all script-kiddies, "Please don't hack my Samba and
> Sendmail machines , k? Thanks!" :) 

Ah, yes. I should clarify - I meant "social problem" in the sense of
"within a group", rather than "within the world".

> So you have to put a firewall there. But if you were talking about the
> social problems inside the network and not the big bad internet, you
> may be right.

Yes, I was. Sorry that this was not clear.

[...]

> P.S.- I'm new to this list, and... shouldn't the reply be addressed to
> the mailing list instead of the person who sent the message?

I suspect that you have run into the 'no Reply-To' header set by the
list question.

Basically, many lists force 'Reply-To' back to the list. This is broken
for a variety of reasons, which a google for 'reply-to considered
harmful' will lay out to you.

The Debian lists, IIRC, don't do this.

The right solution is to use a mail client that allows you to set a
"list" address in some groups, and will direct responses to that
automatically at the *client* side.

Gnus and (I am lead to believe) kmail and mutt all allow that.

Regards,
        Daniel
-- 
Confidence comes not from always being right but from not fearing to be wrong. 
        -- Peter T. Mcintyre

Reply to:

References:
- Re: [fw-wiz] Firewalling at the domain users level instead of network level
  - From: Santos <casd@netvisao.pt>
- Re: [fw-wiz] Firewalling at the domain users level instead of network level
  - From: Daniel Pittman <daniel@rimspace.net>
- Re: [fw-wiz] Firewalling at the domain users level instead of network level
  - From: charlie <charlesk@generalpants.com.au>
- Re: [fw-wiz] Firewalling at the domain users level instead of network level
  - From: Daniel Pittman <daniel@rimspace.net>
- Re: [fw-wiz] Firewalling at the domain users level instead of network level
  - From: Santos <casd@netvisao.pt>

Prev by Date: Re: Iptables firewall
Next by Date: Réponse automatique d'absence du bureau :
Previous by thread: Re: [fw-wiz] Firewalling at the domain users level instead of network level
Next by thread: Accounting on a firewall
Index(es):
- Date
- Thread