But absolutely none of the issues you listed are issues with iptables.
- 1 Post
- 822 Comments
Joined 2 years ago
Cake day: June 12th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
point is, firewalld and iptables is for amateur hour and hobbyists.
Which is weird for you to say since practically all of the issues you list are mistakes that amateurs and hobbyists make.
Containers run “on bare metal” just as much as non-containerized applications.
2·3 days agoBasically what you said. A partisan news source isn’t a great source of science news.
Here’s a link to a source that’s less “Mother Jones”.
when someone dies due to the deliberate actions taken by another to kill them, that’s a murder.
“Murder is the unlawful killing of a human being with malice aforethought.”
“Calvinball jurisprudence”
01·5 days agoguess what, I know how these work.
Neat. I don’t care.
so please tell me “how to do things right”, or shut up if you can’t tell any useful info
WTF? I’m not trying to tell you how to do anything. I’m sick of selfhosted twerps bitching about “how hard it is to self host” when they think everything should be like an app on their phone. You need to learn how networks, dhcp, dns, ssl, certificates, etc. work.
They’re cheap. You can also generate your own certs and use your own ca. But otherwise yes - quit yer bitching and learn how to do things right.
You don’t need to if you’re just using things locally.
But also - domains are cheap.
That’s a lot easier said that done for hobbyists that need a certificate for their home server.
I’d you’re going to self host you need to learn. I have no time for kids who just want “Google but free” and don’t want to spend any time learning what it takes to make that happen.
It’s being deiven by the browsers. Shorter certs mean less time for a compromised certificate to be causing trouble.
https://cabforum.org/working-groups/server/baseline-requirements/requirements/
Will we need to log in every morning and expect to refresh every damn site cert we connect to soon?
Automate your certificate renewals. You should be automating updates for security anyway.
“Bare metal” has traditionally meant without any os either. Your code executes directly on hardware and has direct control over everything. Like a micro controller.
Code in a container executes on the hardware in exactly my the same way as code not running in a container - with the os as an intermediary.
“not running in a container” is not “running on bare metal”. It’s just running outside a container.
2·19 days agoBoth are used.
enough, a lot, more demanding.
You need to give some sort of guidance here.
How much money are you willing to spend? Resiliency is expensive.
This is… Pretty stupid. There are things to be careful about but it’s pretty straight forward to use iptables.