
This is the comment you were replying to, attached to the article Are firewalls useful?:


Re: Are firewalls useful?
Posted by stevenothing (84.12.xx.xx) on Sat 27 Oct 2007 at 12:16
I do something similar, but instead of blocking all outbound port 80, I use iptables to force it through squid, acting as a transparent proxy. This allows me to create access lists based on the DNS name, rather than IP address (useful for names that change frequently, have a lot of records, or try and do clever things with DNS), and it also means that I can periodically look through the squid log to try and find things like http://192.0.2.17/~marek/hack.gif, whereupon I need to correlate the time with my apache log, and find out who's been sticking crap php scripts on my server.
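
The log review described in the comment above, as an added example that is not part of the original comment: it flags squid access-log entries whose URL host is a bare IP address and pairs each with the Apache requests logged around the same time. The sample log lines, the 60-second window, the upload path and the function names are assumptions constructed for illustration; squid's native log format and Apache's combined format are assumed.

```python
import re
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample logs (not from the original comment).
# Squid native access.log: epoch elapsed client code/status bytes method URL ...
SQUID_LOG = """\
1193487300.120 210 127.0.0.1 TCP_MISS/200 5120 GET http://www.example.org/index.html - DIRECT/192.0.2.80 text/html
1193487362.481 312 127.0.0.1 TCP_MISS/200 18211 GET http://192.0.2.17/~marek/hack.gif - DIRECT/192.0.2.17 image/gif
"""
# Apache combined log format.
APACHE_LOG = """\
198.51.100.7 - - [27/Oct/2007:12:10:03 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.9 - - [27/Oct/2007:12:16:01 +0000] "POST /uploads/gallery.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
"""
APACHE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)"')


def raw_ip_fetches(squid_text):
    """Return (time, url) for proxied requests whose URL host is an IP literal."""
    hits = []
    for line in squid_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # truncated or malformed line
        try:
            ip_address(urlsplit(fields[6]).hostname or "")
            when = datetime.fromtimestamp(float(fields[0]), timezone.utc)
        except ValueError:
            continue  # DNS name (covered by the proxy ACLs) or unparsable entry
        hits.append((when, fields[6]))
    return hits


def correlate(squid_text, apache_text, window=timedelta(seconds=60)):
    """Pair each raw-IP fetch with the Apache requests logged within `window` of it."""
    requests = []
    for m in map(APACHE_RE.match, apache_text.splitlines()):
        if m:
            ts = datetime.strptime(m[2], "%d/%b/%Y:%H:%M:%S %z")
            requests.append((ts, m[1], m[3]))
    return [(url, [(client, req) for ts, client, req in requests if abs(ts - when) <= window])
            for when, url in raw_ip_fetches(squid_text)]


if __name__ == "__main__":
    for url, suspects in correlate(SQUID_LOG, APACHE_LOG):
        print(url, suspects)
```

Both logs are compared as timezone-aware times, so an Apache log written in local time with its offset still lines up with squid's epoch timestamps.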
