Re: ipchains DENY question

To: Debian-User <debian-user@lists.debian.org>
Subject: Re: ipchains DENY question
From: Richard Hector <rhector@actrix.gen.nz>
Date: 07 Dec 2002 12:30:34 +1300
Message-id: <[🔎] 1039217434.354.4.camel@diamond>
In-reply-to: <[🔎] 20021206215928.GL32680@fishbowl.madduck.net>
References: <[🔎] 20021206002153.1891.qmail@mauve.rahul.net> <[🔎] 60074.10.10.10.7.1039134969.squirrel@webmail.linuxpowered.net> <[🔎] 20021206215928.GL32680@fishbowl.madduck.net>

On Sat, 2002-12-07 at 10:59, martin f krafft wrote:
> also sprach nate <debian-user@aphroland.org> [2002.12.06.0136 +0100]:
> > firewall-and-forget.
> 
> maybe for a private system. this is *not* the way to practice
> security. security involves ongoing monitoring.

I get stuck in a loop when I try to figure out what to monitor.

If I'm filtering it out, I know (more or less) what it is, and it's not
getting in, so why bother logging?

If I've missed something, well, I don't know how to log it either.

If I log everything (even everything I don't block), I've got a lot of
reading to do - or I'm stuck with grepping for something I haven't
identified.

I'm not saying it's a bad idea; I'm just saying I don't know how to do
it. Any suggestions?

Thanks,

Richard

Reply to:

Follow-Ups:
- Re: ipchains DENY question
  - From: "nate" <debian-user@aphroland.org>
- Re: ipchains DENY question
  - From: Paul Johnson <baloo@ursine.dyndns.org>
- Re: ipchains DENY question
  - From: martin f krafft <madduck@debian.org>

References:
- ipchains DENY question
  - From: conover@rahul.net (John Conover)
- Re: ipchains DENY question
  - From: "nate" <debian-user@aphroland.org>
- Re: ipchains DENY question
  - From: martin f krafft <madduck@debian.org>

Prev by Date: Re: spamproxyd set-up
Next by Date: Re: grub question - please help
Previous by thread: Re: ipchains DENY question
Next by thread: Re: ipchains DENY question
Index(es):
- Date
- Thread