On Mon, May 11, 2015 at 07:40:38PM +0200, Karsten Merker wrote:
> On Mon, May 11, 2015 at 09:29:21AM +0100, Jonathan Dowland wrote:
> > On Fri, May 08, 2015 at 11:03:55PM +0200, Marc Haber wrote:
> > > On Fri, 8 May 2015 13:33:06 -0700, [email protected] wrote:
> > > >There are much better alternatives for most common cases.
> > >
> > > For example being?
> >
> > ufw is quite nice.
>
> AFAICS (please correct me if I am wrong) ufw appears to be
> designed for simple "block all access from everywhere on all
> interfaces and explicitly allow exceptions for a few services
> from everywhere" setups, but anything more complex appears to be
> out of its scope.
>
> So while it is surely nice and useful for the use case it was
> designed for, I cannot see it as a replacement for traditional
> iptables scripts if your setup is even slightly more complex.

The thread I was replying to was 'common cases'. UFW indeed can't do more complex things, but it is more sophisticated than your summary: it can do rate limiting and various other things beyond simple deny-by-default. I wasn't proposing it as a replacement for bare iptables in all cases.

