iptables question
Stuart Jansen
sjansen at buscaluz.org
Tue Nov 4 18:26:41 MST 2008
On Tue, 2008-11-04 at 11:33 -0700, Michael Torrie wrote:
> Stuart Jansen wrote:
> > As for your firewall problem, it's hard to debug a firewall without
> > looking at _all_ rules. If you're comfortable giving us the entire rule
> > set, run "iptables-save" and send us the output.
>
> I'm a bit unsure of why an administrator would be uncomfortable sharing
> iptables rules. Perhaps the list of allowed ports is felt to be
> sensitive. But those can be determined very easily by a would-be
> hacker. Security by obscurity perhaps?

They can be determined by a persistent hacker, but that might set off
alarms or trigger a re-evaluation. A little obscurity isn't a bad thing,
so long as it is included with other good security practices.