[10:06] morning
[10:16] Does anyone know any good resources on how to configure IPTables correctly on a server? (best practice, how to allow outgoing connections securely etc)
[10:19] well mostly it's easy enough
[10:20] ebel: until you lock yourself out ;)
[10:20] i mean most of the time it's "block everything except this port and that port"
[10:21] and outgoing wise? Block everything except 53 and established?
[10:21] ah yes that can happen.
[10:21] Do you have IPv6 (on your machine & something you can log into machine with)?
[10:21] sadly, no. In neither case do I have IPv6
[10:21] Though, now on rackspace.
[10:21] then you can just do ipv4 iptables willy nilly. if you lock yourself out, then connect over ipv6 :)
[10:21] which is awesome
[10:22] No, I can't... I *don't* have v6 acces
[10:22] s
[10:22] ah well
[10:22] * ebel should really be careful about giving advice here, since he's not very good at iptables... :P
[10:23] lol
[10:23] also I'd want to protect v6 anyway
[10:24] yes you should protect ipv6 & 4. but it's handy to do them out of sync, so you can go in via one if you feck up the other, etc.
[10:27] also slashtommy knows a bit about this
[10:28] or someone on #tog might know
[10:48] be careful, you should always have console access available
[10:48] all good ISPs provide this
[11:00] BenChapman: while testing you should set up a cron job to clear your tables every half an hour
[11:00] that will stop you getting locked out
[11:00] a few weeks ago i worked for about a day getting my head around iptables for my servers
[11:01] and the cron job makes your life a lot better
[11:01] btw, when is this next irc meeting?
[11:08] aloha
[11:10] good morning
[11:12] i think its the 17th
[11:12] slashtommy: I do indeed have console access :)
[12:12] got a nice mozilla t-shirt last night at the mozilla meetup
[12:13] BenChapman: many at it ?
[12:14] loads actually, I'd say around 50-60
[12:14] wow thats great
[12:14] yup
[12:16] wow, cool
[12:17] i would think its hard to turn all them into devs to work on ff
[12:29] tdr112: not the idea of those meetups ( though some of the talks were highly technical )
[12:44] technical problems with skype: on unity when it goes into the background there's no way for me to call it up again
[13:08] ebel: sorting your typing break issue also
[13:25] * slashtommy is signed up to his first formal conference as an antedee, next week
[13:25] attendee*
[13:46] czajkowski: oh? cool
[13:53] yeah it's still there
[13:53] and there are also other alternatives
[13:53] but they may see if they can bring it in from debian
[13:54] ah cool.
[13:56] :)
[14:08] UDS-P Day 3 http://www.lczajkowski.com/2011/11/03/uds-p-day-3/
=== Pendulum_ is now known as Pendulum