[LON-CAPA-dev] firewall question (a monthly periodical?)
Guy Albertelli II
lon-capa-dev@mail.lon-capa.org
Mon, 23 Sep 2002 02:47:14 -0400 (EDT)
Hi Scott,
> http://help.loncapa.org/cgi-bin/fom?file=210
>
> Pending question:
>
> Firewall - other than possibly interfering with needed internet ports,
> will iptables significantly slow up LON-CAPA network connectivity?
>
> I have had really good experiences with iptables (ipchains on the
> other hand is abominable and almost deprecated). But I'm not sure
> if it would be CPU-expensive, or bottlenecks the network connection
> during server peak usage points.
It supposedly has little impact on performance. I can't find any
extensive testing, but the small tests I have found seem to indicate
that it is fairly lightweight.
> Should we make iptables part of the default installation?
RedHat 7.3 does, and it mainly gets it wrong.
I don't think we will gain much by doing this, I think it better just
to require as few services as possible and to lock these down as tight
as possible.
> So long as it's correctly configured, it can only make security
> better as well as keeping track of which network ports
> really are needed.
But will cause even more headaches as users get it wrong.
Additionally I'd like to continue to reduce the amount of control we
exercise over the machine.
I like that we have stopped trying to configure AppleTalk, etc., and
now add ourselves to Apache rather than try to own it.
--
guy@albertelli.com BM: n^20 t20 z20 qS
Guy Albertelli -7-8-2- O-
I would love to but . . . I'm in training to be a household pest.