[svlug] deny ssh

Nate Campi nate at wired.com
Tue Nov 27 14:13:02 PST 2001


On Tue, Nov 27, 2001 at 02:07:50PM -0800, David Masten wrote:
> On Tue, 2001-11-27 at 13:10, Nate Campi wrote:
> 
> > > This is very ugly. It works, but it is just a *Bad Thing* (unless
> > > ipchains is already running). This adds additional processing for every
> > > IP packet. For a typical home machine with DSL or Cable networking, it
> > > is no big deal, for any type of network intensive or CPU intensive
> > > machine, it is a very big deal.
> > 
> > David, I've heard people make these claims before and never found any
> > studies that backed up such a claim. I've searched for them and asked on
> > the netfilter mailing list as well, all to no avail.
> > 
> > I politely ask you to back up your claims.
> 
> I am starting the test now. Expect a few days before I have numbers.

Sweet, this is what lists like this are for.

Thanks for going to the trouble David.

OBTW, I am very guilty in looking at the internet thought the eyes of a
dot-com admin, since I am one. Sometimes I forget about other
applications for UNIX/Linux. Thanks for pointing that out.
-- 
Nate Campi | Terra Lycos DNS | SF UNIX Operations | (415) 276-8678

The doctrine of human equality reposes on this: that there is no man
really clever who has not found that he is stupid.





More information about the svlug mailing list