In reply to Paul Jakma's flatulent wordings,
> squid goes down -> no www access
> userspace firewall goes down -> absolutely no access
Untrue in the second instance, userspace firewall goes down -> allow all
access. Think about it, if you get absolutely no access if the firewall goes
down, that means that your firewall machine is not routing by default or
accepting any packets at all. That would mean that the routing will have to
be done by your userspace filter. That means copying massive chunks of
routing code that would usually be done at the IP stack level. You can fake
route in a few firewall packages already, but even when they're kernel
firewalls they stress the importance of not doing so because of the
massive performance (and possible stability) implications of circumventing the
kernel routing.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
