On Sun, May 01, 2005 at 12:04:41AM +0200, Maarten Litmaath, CERN wrote:
> On Fri, 29 Apr 2005, Peter Love wrote:
>
> > One issue with having iptable rules injected by init.d scripts is that
> > the service needs restarting after every iptables restart. I'd prefer
> > we're told about nat redirect requirements and implement iptable rules
> > ourselves.
>
> But you cannot: the BDII cycles through a list of ports (2171, 2172, ...)
> making 2170 an alias for the port whose slapd has had its database updated
> the latest, while giving old connections a grace period of several minutes
> (all configurable) before their slapd is terminated.
My opinion on this is:
*firewall rules are local sysadmin's business!*