Long-form thinking on cyber defence, detection, and resilience — from Slackware-era honeypots through to AI-driven SOC analytics.
Showing posts tagged firewalling — 6 results.
Cisco PIX is the dominant commercial firewall in enterprise deployments. I have spent a fortnight working on a friend's PIX configuration. The product has its strengths and its frustrations. A walk through what I have observed.
The 2.4 kernel's new firewall framework, netfilter, has been in development for over a year. Reading the design documents this week has clarified what the next decade of Linux firewalling is going to look like.
If every operator on the internet did one cheap thing — filter outgoing packets to ensure source addresses are correct — most distributed attack tools would not work. We do not do this. The reasons are interesting and mostly not technical.
The 2.2 kernel ships ipchains, a new firewall framework that replaces ipfwadm. The interface is cleaner, the semantics are sharper, and the rule language is finally coherent. A walk through the upgrade.
Default deny is the slogan everyone agrees on. Default deny is also routinely broken, in production, by every team I have looked at, including mine. Here is the gap between the principle and the practice.
A walk through my very first packet filtering rules on Slackware, written deliberately badly so I can explain what was wrong with each one.