[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ipchains DENY question

On Sat, 2002-12-07 at 10:59, martin f krafft wrote:
> also sprach nate <debian-user@aphroland.org> [2002.12.06.0136 +0100]:
> > firewall-and-forget.
> maybe for a private system. this is *not* the way to practice
> security. security involves ongoing monitoring.

I get stuck in a loop when I try to figure out what to monitor.

If I'm filtering it out, I know (more or less) what it is, and it's not
getting in, so why bother logging?

If I've missed something, well, I don't know how to log it either.

If I log everything (even everything I don't block), I've got a lot of
reading to do - or I'm stuck with grepping for something I haven't

I'm not saying it's a bad idea; I'm just saying I don't know how to do
it. Any suggestions?



Reply to: