Re: ftp server behind a firewall
--- Volker Tanger <volker.tanger@discon.de> escreveu:
> Greetings!
>
> On Fri, 4 Jul 2003 11:24:51 +0200 Harald Thoeny
> <harald.thoeny@swissonline.ch> wrote:
> >
> > all i have to do is to load to kernelmodules.
> > ip_conntrack_ftp and ip_nat_ftp
> >
> > right now everything is working fine.
> >
> > but is it possible that the kernel unload those
> two modules if they
> > are unused for a longer time ? and how to load
> this to at boottime ?
>
> man modutils
> man modules.conf
But note that it makes the kernel bigger, and if not
done properly it can f#@% the system's performance.
>From my experience (not much, but i've working with it
for quite some time) and it doesn't affected the
security of my LAN having a kernel that looks almost
like a QNX micro-kernel!!!! My advice is to use
modules wherever you can, but only those modules that
are needed to put ur firewall up'n running(e.g. u
don't need sound modules or 32-bit color in ur
monitor,
but USB keyboard and mouse would be useful so u don't
need to stop your whole network only to change those
things.
H.I.H.U.
> alternatively: cook your own kernel with the proper
> parts included - for
> a firewall preferrably monolithic without modules
> support. Makes hacking
> the kernel much more difficult...
> ;-)
>
> Bye
>
> Volker Tanger
>
> --
>
>
>
>
>
>
> --
> To UNSUBSCRIBE, email to
> debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
_______________________________________________________________________
Yahoo! Mail
Mais espaço, mais segurança e gratuito: caixa postal de 6MB, antivírus, proteção contra spam.
http://br.mail.yahoo.com/
Reply to: