[10:06] <BenChapman> morning
[10:16] <BenChapman> Does anyone know any good resources on how to configure IPTables correctly on a server? (best practice, how to allow outgoing connections securely etc)
[10:19] <ebel> well mostly it's easy enough
[10:20] <BenChapman> ebel: until you lock yourself out ;)
[10:20] <ebel> i mean most of the time it's "block everything except this port and that port"
[10:21] <BenChapman> and outgoing wise? Block everything except 53 and established?
[10:21] <ebel> ah yes that can happen.
[10:21] <ebel> Do you have IPv6 (on your machine & something you can log into machine with)?
[10:21] <BenChapman> sadly, no. In neither case do I have IPv6
[10:21] <BenChapman> Though, now on rackspace.
[10:21] <ebel> then you can just do ipv4 iptables willy nilly. if you lock yourself out, then connect over ipv6 :)
[10:21] <BenChapman> which is awesome
[10:22] <BenChapman> No, I can't... I *don't* have v6 acces
[10:22] <BenChapman> s
[10:22] <ebel> ah well
[10:22]  * ebel should really be careful about giving advice here, since he's not very good at iptables... :P
[10:23] <BenChapman> lol
[10:23] <BenChapman> also I'd want to protect v6 anyway
[10:24] <ebel> yes you should protect ipv6 & 4. but it's handy to do them out of sync, so you can go in via one if you feck up the other, etc.
[10:27] <ebel> also slashtommy knows a bit about this
[10:28] <ebel> or someone on #tog might know
[10:48] <slashtommy> be careful, you should always have console access available
[10:48] <slashtommy> all good ISPs provide this
[11:00] <tdr112> BenChapman: while testing you should set up a cron job to clear your tables every half an hour
[11:00] <tdr112> that will stop you getting locked out
[11:00] <tdr112> a few weeks ago i worked for about a day getting my head around iptables for my servers
[11:01] <tdr112> and the cron job makes your life a lot better
[11:01] <slashtommy> btw, when is this next irc meeting?
[11:08] <czajkowski> aloha
[11:10] <slashtommy> good morning
[11:12] <tdr112> i think it's the 17th
[11:12] <BenChapman> slashtommy: I do indeed have console access :)
[12:12] <BenChapman> got a nice mozilla t-shirt last night at the mozilla meetup
[12:13] <tdr112> BenChapman: many at it ?
[12:14] <BenChapman> loads actually, I'd say around 50-60
[12:14] <tdr112> wow that's great
[12:14] <BenChapman> yup
[12:16] <ebel> wow, cool
[12:17] <tdr112> i would think it's hard to turn all them into devs to work on ff
[12:29] <BenChapman> tdr112: not the idea of those meetups ( though some of the talks were highly technical )
[12:44] <BenChapman> technical problems with skype: on unity when it goes into the background there's no way for me to call it up again
[13:08] <czajkowski> ebel: sorting your typing break issue also
[13:25]  * slashtommy is signed up to his first formal conference as an antedee, next week
[13:25] <slashtommy> attendee*
[13:46] <ebel> czajkowski: oh? cool
[13:53] <czajkowski> yeah it's still there
[13:53] <czajkowski> and there are also other alternatives
[13:53] <czajkowski> but they may see if they can bring it in from debian
[13:54] <ebel> ah cool.
[13:56] <czajkowski> :)
[14:08] <czajkowski> UDS-P Day 3 http://www.lczajkowski.com/2011/11/03/uds-p-day-3/