In case I can't make the conversation, I must suggest Bastille - a linux package that does firewalling and IP Masquerading. I have been using it for about 8 years now and have never had a hacked linux box running it.
I even had my ISP kill my network connection once because my server was being attacked by thousands of machines and never once got through and the machine never experienced any performance degredation.
> -----Original Message-----
> From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of
> Ed Summers
> Sent: Friday, July 27, 2007 5:18 PM
> To: [log in to unmask]
> Subject: [CODE4LIB] code4lib.org hosting
> As you may have seen or experienced code4lib.org is down for the count
> at the moment because of some hackers^w crackers who compromised anvil
> and defaced various web content and otherwise messed with the
> operating system. anvil is a machine that several people in the
> code4lib community run and pay for themselves.
> Given that code4lib has grown into a serious little gathering, with
> lots of effort being expended by the likes of Jeremy Frumkin and Brad
> LaJenuesse to make things happen -- it seems a shame to let this sort
> of thing happen. We don't have any evidence, but it seems that the
> entry point was the fact that various software packages weren't kept
> up to date.
> Anyhow, this is a long way of inviting you to a discussion Aug 1st
> @7PM GMT in irc://chat.freenode.net/code4lib to see what steps need to
> be taken to help prevent this from happening in the future.
> Specifically we're going to be talking about moving some of the web
> applications to institutions that are better set up to manage them.
> If this interests you at all try to attend!