[Noisebridge-discuss] missing IBM model M keyboard from my shelf
Leif Ryge
leif at synthesize.us
Sun Sep 18 18:58:36 UTC 2011
On 09/18/2011 11:31 AM, Andy Isaacson wrote:
> On Sun, Sep 18, 2011 at 09:49:10AM -0700, Jonathan Foote wrote:
>> I still don't understand why folks who know better than to connect a
>> valuable resource to the internet without a firewall
> ... actually, that is not true ...
Ha, you beat me to this reply by 20 minutes! We had an issue at my work
recently with the netfilter conntrack table filling up, and were trying
to remember why it is again that we run a firewall at all... and found
no good reason to (except laziness in configuring other software). If
you have malicious software opening ports which your firewall is
blocking, that software could most likely disable your firewall too. If
you have software you want to listen only on a certain interface, it is
better to simply configure it to do that than to use a firewall.
I think this is a great analogy for restricting physical access to
Noisebridge: Plenty of unwanted traffic would circumvent it, while we'd
be doing a lot of work maintaining our connection tracking table
which would inevitably overflow and impede the traffic we do want.
~leif