Re: One for the Security Guru's

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Stephen Frost <sfrost@snowman.net>
To: Stephen Satchell <list@fluent2.pyramid.net>
Cc: hps@intermeta.de, linux-kernel@vger.kernel.org
Subject: Re: One for the Security Guru's
Date: Fri, 25 Oct 2002 09:47:23 -0400	[thread overview]
Message-ID: <20021025134723.GZ15886@ns> (raw)
In-Reply-To: <5.1.0.14.0.20021024210320.01db0750@fluent2.pyramid.net>

[-- Attachment #1: Type: text/plain, Size: 1505 bytes --]

* Stephen Satchell (list@fluent2.pyramid.net) wrote:
> I've also been experimenting with the traffic limiting capabilities, as one 
> co-locate provider offers discounts for guaranteed lower bandwidth 
> utilization, so by limiting the bandwidth using IPTABLES I should be able 
> to cut my co-lo costs to 1/3 of what they would be with "unlimited" 
> bandwidth.

http://www.lartc.org ; When talking about traffic shaping with Linux
you're really talking about tc from the iproute2 package.  I'd recommend
you check out that URL if you havn't already and that you strongly
consider using HTB for your traffic shaping needs, it's alot easier to
use and makes alot more sense than CBQ.

> I've worked with the PIX, and I don't see what I'm missing in features 
> between the PIX and Linux/IPTABLES.  I'm sure there is something.  Please 
> amplify on your comments.

Eh, it depends on how you look at it, but...  The cisco includes support
for checking out high-level protocols, such as HTTP.  Basically you can
set things up inside the PIX based on what URL is being requested and
such.  That's why the PIX is more than just a packet filter.  Personally
I still characterize my Linux box running iptables as a firewall.  If
you want to do the same kind of thing the PIX is doing on port 80 you'd
need to run squid or something similar to it and set it up as a reverse
proxy with associated access rules and whatnot.  Things like deny
anything with cmd.exe in it, etc.

	Stephen

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

next prev parent reply	other threads:[~2002-10-25 13:41 UTC|newest]

Thread overview: 51+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-10-23 13:02 One for the Security Guru's Robert L. Harris
2002-10-23 13:13 ` John Jasen
2002-10-23 13:20 ` Keith Owens
2002-10-24  7:56   ` Greg KH
2002-10-23 13:45 ` Alan Cox
2002-10-23 13:59   ` Gilad Ben-ossef
2002-10-23 22:14     ` James Cleverdon
2002-10-23 22:17       ` James Stevenson
2002-10-23 22:39         ` James Cleverdon
2002-10-23 22:44           ` James Stevenson
2002-10-24  6:12         ` Gilad Ben-Yossef
2002-11-06 21:39       ` Florian Weimer
2002-10-23 14:57 ` Richard B. Johnson
2002-10-23 17:56   ` Gerhard Mack
2002-10-24  9:38     ` Henning P. Schmiedehausen
     [not found]       ` <ap8f36$8ge$1@dstl.gov.uk>
2002-10-24 10:01         ` Tony Gale
2002-10-24 16:13           ` Gerhard Mack
2002-10-24 16:39             ` Henning P. Schmiedehausen
2002-10-24 16:34               ` David Lang
2002-10-24 17:04               ` Gilad Ben-Yossef
2002-10-25  9:44                 ` Henning Schmiedehausen
2002-10-25 20:52                   ` H. Peter Anvin
2002-10-26 10:43                     ` Henning P. Schmiedehausen
2002-10-27 10:17                       ` Rogier Wolff
2002-10-28  7:47                       ` Chris Wedgwood
2002-10-24 22:02               ` Danny Lepage
2002-10-25  9:40                 ` Henning Schmiedehausen
2002-10-24 14:23       ` Gilad Ben-ossef
2002-10-25  4:09       ` Stephen Satchell
2002-10-25 13:47         ` Stephen Frost [this message]
2002-10-26 10:38           ` Rogier Wolff
2002-10-26  9:44       ` Rogier Wolff
2002-10-26 10:46         ` Henning P. Schmiedehausen
2002-10-23 16:23 ` Henning P. Schmiedehausen
2002-10-23 17:55   ` David Lang
2002-10-23 19:46     ` H. Peter Anvin
2002-10-23 22:15 ` James Stevenson
2002-10-24  9:47   ` Henning P. Schmiedehausen
2002-10-25 12:28     ` Daniel Egger
2002-10-25 15:22       ` Alex Riesen
2002-10-25 16:38       ` Stephen Satchell
2002-10-25 18:21       ` [OT] " J Sloan
2002-10-26 10:40     ` OT " Rogier Wolff
2002-10-24 10:11   ` Ville Herva
2002-10-24 11:09     ` Henning P. Schmiedehausen
2002-10-24 11:55       ` Alan Cox
2002-10-24 14:40         ` Henning P. Schmiedehausen
2002-10-24 15:36           ` Alan Cox
2002-10-24 16:46     ` Eric W. Biederman
2002-10-24  6:04 ` David Wagner
  -- strict thread matches above, loose matches on Subject: below --
2002-10-23 21:49 Hank Leininger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20021025134723.GZ15886@ns \
    --to=sfrost@snowman.net \
    --cc=hps@intermeta.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=list@fluent2.pyramid.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).