Re: ipchains DENY question
On Sat, 2002-12-07 at 10:59, martin f krafft wrote:
> also sprach nate <firstname.lastname@example.org> [2002.12.06.0136 +0100]:
> > firewall-and-forget.
> maybe for a private system. this is *not* the way to practice
> security. security involves ongoing monitoring.
I get stuck in a loop when I try to figure out what to monitor.
If I'm filtering it out, I know (more or less) what it is, and it's not
getting in, so why bother logging?
If I've missed something, well, I don't know how to log it either.
If I log everything (even everything I don't block), I've got a lot of
reading to do - or I'm stuck with grepping for something I haven't
I'm not saying it's a bad idea; I'm just saying I don't know how to do
it. Any suggestions?