Re: [SLUG] weird web site viewer

From: Eben King (
Date: Sun Apr 23 2006 - 01:23:25 EDT

On Sun, 23 Apr 2006, Paul M Foster wrote:

> Eben King wrote:
>> On Sun, 23 Apr 2006, steve szmidt wrote:
>>> On Saturday 22 April 2006 22:04, Eben King wrote:
>>>> I don't have a firewall. I tried using the router, but it doesn't have
>>>> such a (useful) thing. NAT keeps most things out, but I explicitely let
>>>> http in. :-( I figure running as few things as I can get away with lets
>>>> me get acceptable performance from a computer after it's deemed "too
>>>> slow"
>>>> by most people.
>>> Well, I'd argue that you Do have a firewall. On your computer. You have
>>> port
>>> forwarding to your cmputer. Use the firewall and the hosts.allow/deny
>>> files.
>> Well yeah, hosts_access is sort of a firewall. But didn't you make a
>> distinction a few lines up, in
>>>>> I still prefer using the firewall as it's a cleaner cut. It's the first
>>>>> line of defense. hosts is a second line which it does not hurt to do
>>>>> too.
>> ?
> Firewall, as in iptables. It's easier to set up on a different system, but
> can be done on the machine you're running. In fact, the blocking of an IP
> address can be done there, as well as with hosts.deny. Hosts.deny has almost
> zero flexibility, compared to iptables. There are scripts and packages out
> there which will automate the process of building iptables scripts.
> Otherwise, you need to know the internals of how iptables work in order to
> roll your own rules.

Yup, iptables is flexible and powerful. But if hosts.deny can do what I
need (i.e. stop this user from getting web pages), I see no need to set it
up. It's just a residential machine.

-eben    ebQenW1@EtaRmpTabYayU.rIr.OcoPm

This message was created using recycled electrons. ----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.

This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:41:47 EDT