[rescue] New acquisition... (AIX)
Kevin
kevin at mpcf.com
Fri Apr 2 12:03:00 CST 2004
On Fri, 2 Apr 2004 12:01:20 -0600
"Jonathan C. Patschke" <jp at celestrion.net> wrote:
> It's all fairly simple and, more importantly, known quantities.
> But,
> in Linux, you have abstraction violations like HTTP listeners
> (optionally) in the kernel. You really have to stay abreast of
> what shiny new toy the developers tossed in there and make sure
> you don't accidentally turn it on.
That's why you begin from a "deny all/turn on only what you need"
position. It's pretty hard to accidentally compile in
CONFIG_KHTTPD if you are starting off from the bare minimums.
Oh, and hope they don't
> change the firewall paradigm AGAIN[0], if you need to filter
> packets.
This was a pain, i'll grant you that. But that type of thing is
to be expected with any product that is/was growing at that rate.
I've been using iptables since 2000 and love it. I seriously
doubt it will change drastically anytime soon.
/KRM
--
"Make it idiot proof and someone will make a better idiot."
keyserver: http://pgp.mit.edu/
More information about the rescue
mailing list