Re: is iptables enough?
On Wednesday 19 March 2003 01:07 pm, Ian Garrison wrote:
> Imo iptables is a reasonably good stateful firewall and is fine in most
> cases. However, a very wise person once said that the ideal setup is to
> layer more than one implementation of packet filter and firewall between
> the wild and a host/network you wish to protect. Ideally implementations
> on diverse platforms.
Just remember, that when you do this, you are introducing an additional point
of failure for each device in the chain. Some people like to keep these at a
minimum, especially in the 'revenue-generating' environments you describe.
- Keegan
Reply to: