Re: is iptables enough?

To: debian-security@lists.debian.org
Subject: Re: is iptables enough?
From: Keegan Quinn <kquinn@respond2.com>
Date: Thu, 20 Mar 2003 09:41:47 -0800
Message-id: <[🔎] 200303200941.47179.kquinn@respond2.com>
In-reply-to: <[🔎] Pine.LNX.4.50.0303191523570.12432-100000@athena.technoendo.net>
References: <[🔎] F98uSRbh1brG7l4TvOo00012cb0@hotmail.com> <a05200f00ba9e6f203add@[192.168.63.11]> <[🔎] Pine.LNX.4.50.0303191523570.12432-100000@athena.technoendo.net>

On Wednesday 19 March 2003 01:07 pm, Ian Garrison wrote:
>    Imo iptables is a reasonably good stateful firewall and is fine in most
> cases.  However, a very wise person once said that the ideal setup is to
> layer more than one implementation of packet filter and firewall between
> the wild and a host/network you wish to protect.  Ideally implementations
> on diverse platforms.

Just remember, that when you do this, you are introducing an additional point 
of failure for each device in the chain.  Some people like to keep these at a 
minimum, especially in the 'revenue-generating' environments you describe.

 - Keegan

Reply to:

Follow-Ups:
- Re: is iptables enough?
  - From: Ian Garrison <bitstream@technoendo.net>

References:
- Re: ptrace vulnerability?
  - From: "Steve Meyer" <steve11523@hotmail.com>
- is iptables enough?
  - From: Jones <jones_mb@yahoo.com>
- Re: is iptables enough?
  - From: Ian Garrison <bitstream@technoendo.net>

Prev by Date: Re: iptables help to forward ports please
Next by Date: Public Alert
Previous by thread: Re: is iptables enough?
Next by thread: Re: is iptables enough?
Index(es):
- Date
- Thread