[Server-devel] server security
Martin Langhoff
martin.langhoff at gmail.com
Tue Sep 22 06:05:56 EDT 2009
2009/9/21 Jerry Vonau <jvonau at shaw.ca>:
> Your proxy is slow to re-load the iptables rule-set? How many lines?
No no. You got a mixup there :-). Adding/removing rules from iptables
is fast -- we can create a new chain and add rules, flush it, etc. So
we can manipulate rules there "hot".
For the proxy, we are using Squid. If the solution we build depends on
adding/removing rules from Squid, and that happens to need a squid
restart, we will be in a world of pain. So we either avoid this, or
switch http proxy.
> I was thinking of something like NoCat: http://nocat.net/ but without
> the splash-screen, we can just use the backend from NoCat
I thought nocat was playing tricks with dhcp? Will have to re-review it.
I am currently on holidays - so my replies will lag a bit...
cheers,
m
--
martin.langhoff at gmail.com
martin at laptop.org -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff