RE: Start up scripts

To: "'Henry Hollenberg'" <speed@barney.iamerica.net>, "Meskes, Michael" <meskes@topsystem.de>
Cc: "'debian-firewall@lists.debian.org'" <debian-firewall@lists.debian.org>
Subject: RE: Start up scripts
From: "Meskes, Michael" <meskes@topsystem.de>
Date: Thu, 5 Mar 1998 15:37:41 +0100
Message-id: <[🔎] 11720CEF3853D011AC0C00A024B7A9E111259F@einstein.topsystem.de>

I do not use these all. :-) BTW the second number listed is the use
count. As you see only ftp is in use now. But some of my users have used
vdolive and of course irc . Also we wanted to try cuseeme.

Anyway, I don't think restricting ftp to passive is a good idea. While I
agree that it is for security reasons it certainly is not for user
friendlyness. There's more to ftp than using a browser to access some
files. There are quite some programs, libraries and scripts that use
ftp. And not all are configurable.

I think we shouldn't act as if we were on an island. We will get users
who ask for these services and I prefer a firewall that has been
constructed with these in mind.

Michael

--
Dr. Michael Meskes, Project-Manager    | topsystem Systemhaus GmbH
meskes@topsystem.de                    | Europark A2, Adenauerstr. 20
meskes@debian.org                      | 52146 Wuerselen
Go SF49ers! Go Rhein Fire!             | Tel: (+49) 2405/4670-44
Use Debian GNU/Linux!                  | Fax: (+49) 2405/4670-10

> -----Original Message-----
> From:	Henry Hollenberg [SMTP:speed@barney.iamerica.net]
> Sent:	Thursday, March 05, 1998 3:23 PM
> To:	Meskes, Michael
> Subject:	RE: Start up scripts
> 
> 
> > ip_masq_vdolive    1            0
> > ip_masq_quake      1            0
> > ip_masq_ftp        1            2
> > ip_masq_raudio     1            0
> > ip_masq_irc        1            0
> > ip_masq_cuseeme    1            0
> > 
> > You could get rid of them if you don't waynt to allow the the
> program to
> > be used or add a proxy for it.
> 
> I was planning on using passive ftp clients and allowing this in and
> out
> with IP filters....seemed like alot less hassle and the browsers
> (Netscape) support this already.
> 
> Now the others, boy, your having some fun....I imagine when I get this
> firewall done, you and I are going to have to talk! :-).  That sounds
> like
> some neat stuff to try out.
> 
> But, for now, I think I must be more conservative....I've got this
> Corporation and Hospital that aren't going to be real sympathetic with
> my
> need to do irc, etc.... (I know it's important, but it's tough to
> convince
> them sometimes....do you guys have to reuse your styrofoam coffee
> cups....just wondering....:-)
> 
> I guess when that time comes I'd be more inclined to proxy those
> services.
> I'd really like to follow the book for now and keep the kernel
> non-modulated if at all possible.
> 
> Later on we ought to be able to tinker with variations on the
> specification and start the most valuable phase of the project in my
> opinion....accruing stats on exploits to "standard" firewall setups.
> This
> information ought to be very valuable.  But first you've got to have a
> standard that data can be collected on so we can compare apples to
> apples.
> 
> hgh
> 
> 
> --
> E-mail the word "unsubscribe" to
> debian-firewall-request@lists.debian.org
> TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble?  e-mail to
> listmaster@debian.org .


--
E-mail the word "unsubscribe" to debian-firewall-request@lists.debian.org
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble?  e-mail to listmaster@debian.org .

Reply to:

Follow-Ups:
- RE: Start up scripts
  - From: Henry Hollenberg <speed@barney.iamerica.net>

Prev by Date: RE: Start up scripts
Next by Date: RE: Start up scripts
Previous by thread: Re: Start up scripts
Next by thread: RE: Start up scripts
Index(es):
- Date
- Thread