Re: Latest Mandrake
Hello,
On Sat, Dec 16, 2000 at 05:43:47PM -0600, Manoj Srivastava wrote:
> >>"Toni" == Toni Mueller <deb-l@tonimueller.org> writes:
> Toni> ipmasq has shot me in the leg by munging my hand-crafted
> Toni> firewall rules so often and in inexplicable ways that I
> Toni> consider it to be a misfeature in the first place.
> Really? ipmasq sets up a set of ``official'' rules, which can
> be overridden individually by the local sysadmin. Indeed, the major
> design feature was to have it so the the runles included in the
> package do not iver ride the local rules, and the fact that you clain
yes, I read that in the documentation.
> it has munged your hand crafted rules not once, but several times,
> indicates you do not understand how to use the package.
Yes, too. I don't understand how to override that package's rules
properly, but I also don't know anybody who _does_ know how to
do that. I also said that I had limited time to look into that
documentation...
Administrating a set of ipmasq rules together with their respective
local exceptions imho is a major headache, and I actually don't
see the benefit using ipmasq with it's myriad of config files (you
need when trying to override the built-in rules) compared with
just running a script like
#!/bin/sh
ipchains ...
ipchains ...
ipchains ... (my rules here)
ipchains ...
ipchains -L -n -v -e
exit 0
early in the boot process for a given installation. So I
opt for the latter version.
> The fact that it has happened several times seems incredible,
> given that you are supposed to be in charge of security of your
> installation.
Yes, maybe. But see above... It took me some time to find out
what was overriding my rules I crafted (when in the installation
phase), but once I got it I threw out ipmasq and all was well :/
It took me reading this list to hear that actually someone is
using ipmasq successfully. All other people I know also just
throw out ipmasq and run their own set of rules.
Best Regards,
--Toni++
Reply to: