Date: Mon, 8 Apr 2002 16:28:29 -0500
From: Gerald Combs <gerald@ethereal.com>
Subject: Re: Further adventures in Firewall upgrades
Message-ID: <Pine.GSO.4.10.10204081623540.19675-100000@pow.zing.org>

On Mon, 8 Apr 2002, Charles Steinkuehler wrote:
> ipchains/iptables rules. The price for making your firewall "impervious" in
> this way is forgoing *ALL* user-mode functionality, including logging. It's
...so why not add code to iptables to log directly to a remote syslog
server? I can't imagine it would take more than 200 lines of code,
including command parsing, data structures, and syslog packet generation.
This still doesn't solve the scheduled access problem, but it's a start.