> An excerpt from Brian 'MegaZone' Bikowicz message:
> >
[snip]
> > This is a known problem is all versions of pmconsole. For filters that long
> > they have to be done on the command line.
> >
> > But 65 rules? I don't think I've encounted a filter that large... What are
> > you filtering?
> >
> > -MZ
>
> I haven't used the front-end version of PMcommand before. Which one
> would you suggest I use, PMConsole for Sparc or Windows?
>
> Also, our site has over 40 rules. We're filtering everything while
> making individual exceptions to particular hosts and ports for vital services.
> This is the reason why I'm considering to use PMConsole but if there's
> a problem with many rules, I'll continue to use pmcommand. Btw, if I have
> that many rules, does it degrade the performance of the portmaster?
>
How about 73 rules? "That which is not expressly permitted, is
prohibited." If Cheswick and Bellovin are to be believed, I don't see
how I can do much less and be a useful Internet Service Provider, while
still being as secure as possible.
Also...how can I load a filter of this size without
pmcommand, which requires me to expose my Portmasters' passwords for
the time that it takes to execute the command? This is a serious
problem if there isn't another way. I hate having to change the
password just to change the filters.
------------------------------------------------------------------------
David Carmean WB6YZM DC574 dave@west.net
System/Network Administrator, WestNet Communications, Inc.
PGP Key Fingerprint: CD 1C C1 15 3E E3 1D 41 ED C2 3E A8 D6 29 BD C4
------------------------------------------------------------------------