iptables question

Stuart Jansen sjansen at buscaluz.org
Tue Nov 4 18:26:41 MST 2008


On Tue, 2008-11-04 at 11:33 -0700, Michael Torrie wrote:
> Stuart Jansen wrote:
> > As for your firewall problem, it's hard to debug a firewall without
> > looking at _all_ rules. If you're comfortable giving us the entire rule
> > set, run "iptables-save" and send us the output.
> 
> I'm a bit unsure of why an administrator would be uncomfortable sharing
> iptables rules.  Perhaps the list of allowed ports is felt to be
> sensitive.  But those can be determined very easily by a would-be
> hacker.  Security by obscurity perhaps?

They can be determined by a persistent hacker, but that might set off
alarms or trigger a re-evaluation. A little obscurity isn't a bad thing,
so long as it is included with other good security practices.




More information about the PLUG mailing list