[KLUG Members] ACCEPT all -- anywhere anywhere, eh?
Robert G. Brown
members@kalamazoolinux.org
Thu, 09 Jan 2003 22:01:23 -0500
Adam Williams <awilliam@whitemice.org> wrote:
>>>Is the redhat firewall config tool goobered?
>>Dunno, we can discuss what "goobered" means somewhere else.
>A goober is a peanut. What goobered means is open to interpretation.
To say that a "goober is a peanut" is like saying an F/A-18 is an
airplane. A Goober is a chocholate-covered peanut, carefully selected to
go with the semi-soft, semi-sweet chocolate coating. All a true joy of my
movie going youth.
First of all, you're verbing a noun. Second, it's used in a way that
indicates something is messed up, and Goobers are decidedly not that
as all. A Goober represents a kind of pinnacle in nutrition and flavor.
Perhaps we can take this up on Advocacy.
Anyway, back to firewalls.
>>>Chain INPUT (policy ACCEPT)
>>>target prot opt source destination
>>>RH-Lokkit-0-50-INPUT all -- anywhere anywhere
.....
>>>ACCEPT all -- anywhere anywhere
>>>Doesn't the "ACCEPT all -- anywhere anywhere" negate all the rules below it?
>>UM, it would probably obviate them, yes. I have this little munchkin on my
>>shoulder (perhaps a degooberizer, or maybe a degooberator?) that tells me the
>>"all" ought to be a "tcp".
>Thats pretty much what I thought.
OK, good. I'd like to see some verification or correction, with an explanation,
if both of us happen to be wrong in the same way.
>>However, I don't really like this whole setup, mostly 'cuz I prefer a policy
>>of REJECT or DENY... why they don't do this isn't clear to me. The stateful
>>nature of some rules is helpful, though.
>It does seem an odd way to go about things.
IMO it's in keeping with the Red Hat approach to things.
Regards,
---> RGB <---