:: Re: [DNG] Recommended location for …
Top Page
Delete this message
Reply to this message
Author: Klaus Ethgen
Date:  
To: dng
Subject: Re: [DNG] Recommended location for iptables rules
Hi folks,

Am Di den 6. Dez 2016 um 0:07 schrieb Daniel Reurich:
> On 06/12/16 05:50, Lars Noodén wrote:
> > Where should we be commending the storage of iptables rules in Devuan
> > Jessie?
>
> There should not be a default location. It should be left to each
> firewall application to define. This is particularly important as
> iptables has a competitor in nftables and likely to be deprecated at
> some point so we can't guarantee into the future that iptables will
> always exist.


Well, I think, there should be an advice.

Historical I use /var/lib/iptables. But that is only great when using
dynamic iptables. Present days I do them manually so /etc/something
might be better.

> Generally a well setup Linux system has no network connectable services
> running that aren't intended to be, in which case it's relatively
> resistant to hacking attempts. This means firewall in a well secured
> network is generally not necessary or desirable. The only instance I'd
> consider a workstation firewall is a laptop connecting to untrusted
> networks regularly.


Well, except avahi, cups, samba, ntp, rpcbind and some other bad
designed tools that default listen on 0.0.0.0 and that are pulled in
with a common linux desktop installation.

Regards
   Klaus
- -- 
Klaus Ethgen                                       http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <Klaus@???>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C