[oclug] ipchains & security
doug at jumpgate.homeip.net
Fri Feb 9 22:07:39 EST 2001
On Friday 09 February 2001 11:25, you wrote:
> I have seem a growing number of gui front ends to ipchains come out lately.
> Many of these are no different than doing it by hand only from a curses
> based template or at the other extreme in qt or gtk. Some not all will also
> generate the appropriate syntax for you.
> From a security standpoint, are there any dangers in using applications of
> this sort to set up the scripts. While I know there is no subsitution to
> learning to do it by hand, the increased number of these apps indicate that
> many people are looking to an alternative.
I don't think it's any less secure than by hand, although it may be more
limiting, depending on the package. The best is if it generates a script,
because then you can validate it if you know what you're doing ( or get a
friend to). The only issue security-wise is whether or not the GUI builds
what you expect - as long as the conversion from GUI to script is correct,
the only security issue is whether or not what you enter is secure :-).
More information about the OCLUG