Greg Smith wrote:
On Mon, 7 Jan 2008, Joshua D. Drake wrote:
Certainly and iptables gives you some flexibility in connection
availability "before" it hits the actual database but without having
to jimmy the production firewall.
4) Funky tricks with things like port forwarding and filtering that you
can't do with PostgreSQL alone, and that need to be active for people in
the internal LAN. I recall this one time where I needed the database
port to be different based on which of the local subnets the connection
was coming through (it was a version migration thing). Those were some
fun ipchains rules (yeah, that long ago) and I'd have been hard pressed
to do that on the firewall instead without a major contortion to the
network.
Some people won't like this but... packet shaping and bandwidth control
as well.
Joshua D. Drake
--
* Greg Smith gsmith@xxxxxxxxxxxxx http://www.gregsmith.com Baltimore, MD
---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo@xxxxxxxxxxxxxx so that your
message can get through to the mailing list cleanly
---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
