
Re: How to tell if a Linux machine is a zombie?



On Wed, Jan 10, 2007 at 08:49:20PM -0800, Paul Johnson wrote:
> Douglas Tutty wrote:
> 
> > On Wed, Jan 10, 2007 at 11:23:29AM -0800, Paul Johnson wrote:
> >
> >> I think shorewall assumes that you don't really want to block /all/
> >> outbound traffic and does the right thing, then.
> >  
> > Before you assume this, you should check the netfilter docs.  If by
> > default I block all outgoing and incoming connections then there's no
> > way to establish an 'existing' connection in the first place.  If I
> > allow outgoing http requests then the data is allowed back in without me
> > opening the http port to allow incoming requests.  That's the heart of
> > netfilter.
> 
> Aah, OK.  I must be thinking ipchains or ipfw from back in the day or
> something.  Netfilter isn't such a pain by comparison to those two.

As I understand it, that's the big difference between netfilter/iptables
and ipchains.  Note that, at least for Sarge, some of the
firewall-building packages use ipchains instead of iptables/netfilter.
They're more difficult to get as tight a control on packets.  Shorewall
lets you control each kind of packet for separate directions.  Each of
one's choices in the configuration is really a meta-choice; shorewall
takes care of the nitty-gritty.

Doug.
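Doug's point about connection tracking, as an added example that is not part of the thread: a minimal iptables-restore ruleset that drops everything in both directions by default, lets outbound HTTP out, and admits the replies through conntrack state without ever opening port 80 to incoming requests. The interface name eth0 is an assumption; Shorewall builds rules of this shape from its policy and rules files rather than having you write them by hand.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny netfilter ruleset in
# iptables-restore format. Outbound HTTP is the only NEW connection allowed
# to leave; return traffic is accepted by state, not by an inbound port rule.
# eth0 is an assumed interface name.

gen_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback is needed by local services.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies to connections this host started come back in via conntrack;
# no incoming port is opened for them.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Only NEW outbound HTTP may leave (DNS is not opened here; add UDP 53
# if the host must resolve names).
-A OUTPUT -o eth0 -p tcp --dport 80 -m state --state NEW -j ACCEPT
# Anything trying to open a connection in from outside is dropped.
-A INPUT -m state --state NEW -j DROP
COMMIT
EOF
}

# Self-check: the generated set must never accept port 80 inbound.
opens_inbound_80() {
    gen_rules | grep -q -- '-A INPUT .*--dport 80'
}

if [ "${1:-}" = "--apply" ]; then
    gen_rules | iptables-restore   # needs root; review the rules first
else
    gen_rules
fi
```

Run without arguments to review the rules, or with `--apply` as root to load them.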
