Hi guys,
a) It's not part of a load balancer to do security.
So are you saying that even if the Antefacto patch didn't
have the problem of the slow netfilter code, that you still
shouldn't be using the director as a firewall?
Personally I think that is a matter of mechanism vs policy.
I agree 100% with Horms here. If netfilter is a good enough policy for
people they should certainly use the Antefacto patch and we should thus
make sure it will coexist nicely with the current implementation status
of LVS.
I know that I have been a bit "tense" in the past when it came to
security and LVS. I realised that most people do not have to take the
level of security countermeasures like we do, so instead of
categorically denying the use of netfilter in conjunction with LVS I
acknowledge its right to exist as a completely viable solution for a site.
Cheers,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc