[dundee] iptables nuances and best practices question
Kris Davidson
davidson.kris at gmail.com
Mon Oct 6 11:13:06 UTC 2008
Thanks guys, I was doing a start of term clean when going through
some old config files from a previous job. I've got both rules in
place; I figured I had a reason, either that or I forgot to remove one.
For the range rule I was pulling addresses with a script in the rule
so it would handle changes to the range and server/router address, but
yeah, the interface rule seems cleaner. Like I said, I had both in place
so I ran a test last night and the results are slightly different.

pkts  bytes
1356  96461  <-- Range rule
1064  69933  <-- Interface rule

Well, the config had a few vlans as well as a bridge so 'phear my mad
1337 skillz' apparently. Also, I prefer pirates in place of ninjas, but
I've heard of fwbuilder; it's one of those things I never have time to
try out.

As for why I hate the legitimate http://www.opendns.com/, basically it's
what Robert said: every domain exists, and in some situations where I'm
prevented from locking down stuff the way I like, people use it on
their own computer and complain when the domain isn't working... that's
part of the reason for those rules.
Kris