[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: bind9-chroot (was: questions on ITP)



On 01-09-26 Roberto Suarez Soto wrote:
> On Sep/26/2001, Christian Kurz wrote:
> > > 	I think that maybe he refers to the fact that, for example, you may
> > > have formatted your ext2 partitions so they are incompatible with 2.0.x
> > Well, I once heared about this, but never read an explanation what
> > exactly causes the differences in the ext2 partitions created while
> > running a 2.0.x kernel and why they have been introduced.
 
> 	The features are documented in mke2fs(8), under "-O" (or it seems, for
> what I've seen). They don't seem to be too useful (unless I'm missing
> something), but anyway they are there.

Thanks for the pointer, which explains the features and partly reasons
for them. If someone has a pointer to an even more detailed or longer
explanation, please mail me.
 
> > Well, iptables is only available for kernel 2.4.x, but with kernel 2.2.x
> > you can still build a firewall with ipchains or ipfwadm if you still use

> 	Yes, but it's not the same building a firewall with 2.4.x and building
> a firewall with 2.2.x or 2.0.x. There are a few things that you can do only
> with 2.4, not with lower versions. Stateful firewalling, for example.

Well, you may have not the full features available but you can build
with all version a firewall and have at least filtering per ip or port
available. So compared to the situation with bind, by using cp,rsync or
some other tool for keeping the config files in sync, this would still
be possible. If mount -bind is used for creating the chroot this would
not be possible and it would be like needing kernel 2.4.x for building a
firewall.
 
Christian
-- 
           Debian Developer (http://www.debian.org)
1024/26CC7853 31E6 A8CA 68FC 284F 7D16  63EC A9E6 67FF 26CC 7853

Attachment: pgpipfa9BBhou.pgp
Description: PGP signature


Reply to: