The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] ipchains/firewall question

On Thu, Oct 19, 2000 at 11:16:32AM -0700, Micah Cowan wrote:
> > Also, rather than removing access from 19*.*.*.*, you should probably
> > focus on what you will allow, with a default of deny.
> 
> Hardly necessary commentary, Ted.  I'm imagining right now that
> you haven't really been following this thread - he's not setting up
> a router or a "real" firewall - he just doesn't want network traffic
> from the rest of the school interfering with his Beowulf cluster.

Fair enough.  I seem to disagree with several on this issue.  [1]

Firewalls, IP blocking, etc, are all important matters.  Blocking
something like 19*.*.*.* is very nearly impossible and certainly useless
from a firewall standpoint.

If Pete were embarking on a "fun loving" romp through "could this be done,
never matter why", then that's another thing.  I just can't wrap my brain
around that.

My apologies to all.  It was not my intention to offend any.  I fully
realize that I have probably offended many of you, if not with my
frankness certainly with my message's tone.

[1]  This is odd.  The cluster should either be behind its own router (or
routed interface), or on a switch in its own VLAN.  If neither is the
case then this cluster is going to be tough to manage its IP traffic, and
blocking some internal stuff may be the least of Pete's worries.
  Regardless of that, Pete was looking to block source traffic from
outside with his internal side IP addresses.  Does the external network
share the same space as his internal side?  That will make management of
desirable traffic very hard to manage.
  In any case, there are too many details lacking, and the group seems to
accept this vagueness as acceptable, and give Pete the benefit of the
doubt.  From a security standpoint, that is a recipe for trouble.

  I won't bore the group with any more on this issue.

-- 
Ted Deppner
http://www.psyber.com/~ted/

