Re: iptables related query

To: debian-user@lists.debian.org
Subject: Re: iptables related query
From: hdv@jadev.org (J.A. de Vries)
Date: Mon, 4 Jul 2005 08:40:51 +0000
Message-id: <[🔎] 20050704084051.GA19846@jadev.org>
In-reply-to: <[🔎] 42C7CE96.80402@mbeaton.id.au>
References: <[🔎] 3df35b76050703020455b7fc29@mail.gmail.com> <[🔎] 20050703103040.GA17054@jadev.org> <[🔎] 20050703104854.GB17054@jadev.org> <[🔎] 42C7CE96.80402@mbeaton.id.au>

On 2005-07-03 @ 21:40:06 (week 26) Mal Beaton wrote:

> I prefer to use sub chains to identify from the internet or from
> internal etc

I do too, but as the corresponding webpage states:

<quote>
Note that this ruleset is written with readability and clearness in mind
so anyone can fathom it. Thus it is optimized for understandability and
not for speed. For a standard workstation or a server with limited
amounts of traffic that won't pose any problem. In an environment with
huge amounts of traffic or where Network Address Translation is used a
more complicated ruleset will be needed. 
</quote>

I might redo it though (if I find the time)...

> I also learnt from a very experienced  firewall administrator to use the
> long switches so anyone else can easily read the scripts

That's very sound advice, which I couldn't agree with more.

Grx HdV

Reply to:

Follow-Ups:
- Fwd: iptables related query
  - From: Yuriy Kuznetsov <yuriy.kuznetsov@gmail.com>

References:
- iptables related query
  - From: Yuriy Kuznetsov <yuriy.kuznetsov@gmail.com>
- Re: iptables related query
  - From: hdv@jadev.org (J.A. de Vries)
- Re: iptables related query
  - From: "J.A. de Vries" <hdv@jadev.org>
- Re: iptables related query
  - From: Mal Beaton <mal@mbeaton.id.au>

Prev by Date: WHAT the Eff is this???
Next by Date: Re: WHAT the Eff is this???
Previous by thread: Re: iptables related query
Next by thread: Fwd: iptables related query
Index(es):
- Date
- Thread