From: Alistair Tonner <Alistair@nerdnet.ca>
To: netfilter@lists.netfilter.org
Subject: Re: Can anyone tell me how to do this?
Date: Wed, 22 Sep 2004 13:29:22 -0400 [thread overview]
Message-ID: <200409221329.22258.Alistair@nerdnet.ca> (raw)
In-Reply-To: <7C9884991ADAE0479C14F10C858BCDF591E375@alderaan.smgtec.com>
On September 22, 2004 12:59 pm, Daniel Chemko wrote:
> > learning more about iptables is a nice goal to have. sometimes i wish
> > it was just as glamorous for people to want to learn more about
> > routing and the OSI model, before becoming super l33t firewall
> > gurus...but i digress...
>
> Problem is: Neither of these topics can easily be approached by network
> newbs without a lot of setup. There aren't many visiting this list with
> routing more complicated than ip route add x via y
>
> As for OSI, any casual admin wouldn't find much real world value in it.
> I'd say OSI influences programmers more than admins. Experienced admins
> do need to understand programming and OSI's a good practical example of
> basic layered approaches, etc.. Plus, since others use OSI as a mindset
> when developing, its good to know where they get their ideas from.
Trust me -- when troubleshooting a distributed application you *really* need
to know OSI. I've found often that developers like to yell that the network
is the problem. Lots of developers have no idea about networking, and seem
to believe that it can magically disappear, mangle, harrass, alter and chew
up their data. Now .. that might happen on some networks, but not on ours,
or at least not without setting off a bunch of nasty alerts....
> Firewalls are an inevitability these days. You either: Don't use a
> firewall and get viruses, or you do use a firewall and you're forced to
> fiddle with it when one of your programs doesn't work. See, your forced
> to learn it if you like networking and administration or not.
Using a firewall that blocks certain ports may prevent certain virii from
being able to connect and spread, but it wont STOP virii, -- they seem to be
getting multitalented these days. Security as allways is very much like OSI.
Layered, purpose driven components. Each component must do its job, and
scream blue bloody murder when it can't/doesn't or fails.
Alistair.
next prev parent reply other threads:[~2004-09-22 17:29 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-09-22 16:59 Can anyone tell me how to do this? Daniel Chemko
2004-09-22 17:29 ` Alistair Tonner [this message]
2004-09-22 18:14 ` OT: path to fw admin status (was: RE: Can anyone tell me how to do this?) Jason Opperisano
-- strict thread matches above, loose matches on Subject: below --
2004-09-22 17:12 Can anyone tell me how to do this? Daniel Chemko
2004-09-23 13:01 ` Eric Ellis
2004-09-23 13:22 ` Dominic Iadicicco
2004-09-23 14:55 ` Jason Opperisano
2004-09-23 15:14 ` Dominic Iadicicco
2004-09-23 16:15 ` Jason Opperisano
2004-09-23 16:44 ` Samuel Díaz García (ArcosCom)
2004-09-23 17:28 ` Dominic Iadicicco
2004-09-23 17:48 ` Jason Opperisano
2004-09-23 18:26 ` Dominic Iadicicco
2004-09-23 16:58 ` Dominic Iadicicco
2004-09-23 17:31 ` Jason Opperisano
2004-09-23 18:29 ` Aleksandar Milivojevic
2004-09-22 17:04 Hudson Delbert J Contr 61 CS/SCBN
2004-09-22 14:09 Dominic Iadicicco
2004-09-22 14:25 ` Eric Leblond
2004-09-22 14:45 ` Dominic Iadicicco
2004-09-22 15:07 ` Eric Leblond
2004-09-22 15:29 ` Dominic Iadicicco
2004-09-22 14:29 ` Jason Opperisano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200409221329.22258.Alistair@nerdnet.ca \
--to=alistair@nerdnet.ca \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox