[KLUG Members] ACCEPT all -- anywhere anywhere, eh?

[Robert G. Brown]

Adam Williams <awilliam@whitemice.org> wrote:
>>>Is the redhat firewall config tool goobered?
>>Dunno, we can discuss what "goobered" means somewhere else.
>A goober is a peanut.  What goobered means is open to interpretation.
To say that a "goober is a peanut" is like saying an F/A-18 is an 
airplane. A Goober is a chocholate-covered peanut, carefully selected to
go with the semi-soft, semi-sweet chocolate coating. All a true joy of my 
movie going youth. 

First of all, you're verbing a noun. Second, it's used in a way that 
indicates something is messed up, and Goobers are decidedly not that
as all. A Goober represents a kind of pinnacle in nutrition and flavor.

Perhaps we can take this up on Advocacy.

Anyway, back to firewalls.

>>>Chain INPUT (policy ACCEPT)
>>>target     prot opt source               destination         
>>>RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere           
.....
>>>ACCEPT     all  --  anywhere             anywhere           

>>>Doesn't the "ACCEPT all -- anywhere anywhere" negate all the rules below it?
>>UM, it would probably obviate them, yes. I have this little munchkin on my
>>shoulder (perhaps a degooberizer, or maybe a degooberator?) that tells me the
>>"all" ought to be a "tcp". 
>Thats pretty much what I thought.
OK, good. I'd like to see some verification or correction, with an explanation,
if both of us happen to be wrong in the same way.

>>However, I don't really like this whole setup, mostly 'cuz I prefer a policy
>>of REJECT or DENY... why they don't do this isn't clear to me. The stateful
>>nature of some rules is helpful, though.
>It does seem an odd way to go about things.
IMO it's in keeping with the Red Hat approach to things.

							Regards,
							---> RGB <---