Re: Iptables firewall

To: debian-firewall@lists.debian.org
Subject: Re: Iptables firewall
From: Daniel Pittman <daniel@rimspace.net>
Date: Thu, 22 Jul 2004 12:25:33 +1000
Message-id: <[🔎] 87k6wwlqw2.fsf@enki.rimspace.net>
References: <[🔎] 40FABD9B.80106@verizon.net> <[🔎] 87ekn8j1kn.fsf@enki.rimspace.net> <[🔎] 64872.68.121.150.231.1090215970.squirrel@webmail.humboldt.edu> <[🔎] 87hds4v7pw.fsf@enki.rimspace.net> <[🔎] 65158.68.121.164.187.1090271476.squirrel@webmail.humboldt.edu> <[🔎] 87hds3twe5.fsf@enki.rimspace.net> <[🔎] 64930.68.121.164.187.1090286287.squirrel@webmail.humboldt.edu> <[🔎] 871xj7rtc5.fsf@enki.rimspace.net> <[🔎] 64881.68.122.7.147.1090369201.squirrel@webmail.humboldt.edu> <[🔎] 878ydep2a4.fsf@enki.rimspace.net> <[🔎] 46658.158.96.227.221.1090422684.squirrel@webmail.humboldt.edu>

On 22 Jul 2004, jmm wrote:
> Thanks Daniel

No problem. Sorry that you have had these problems. :)

> Even though tiger does not show errors and debsums cannot check /bin, I
> decided I am going to do a complete reinstall -again-- since aide (for
> some reason), reports files changes in /bin /dev and other places.  I
> don't know how to trust this report is until I learn more about aide.

That sounds like a good idea; better safe than sorry.

For what it is worth, I tend to do my system builds either behind a
known-good firewall, or without a network connection, and then make sure
any daemons are turned off while I connect to a network and update to
the latest security patches.

Oh, and in an on-topic thing, I tend to get 'firehol' installed as the
first service after sshd, and set up to 'outbound only' rules while I
get the rest of the thing right.

    Daniel
-- 
There is censorship in this country, all right, make no mistake about that,
but also make no mistake about its source...While the government will not
censor, apparently the networks will. The irreparable damage to the public is
all the same.
        -- Nicholas Johnson, Federal Communications Commissioner,
           _New York Times_, (April 8, 1969)

Reply to:

References:
- Iptables firewall
  - From: Sykotic <sykoticchaos@verizon.net>
- Re: Iptables firewall
  - From: Daniel Pittman <daniel@rimspace.net>
- Re: Iptables firewall
  - From: jmm19@humboldt.edu
- Re: Iptables firewall
  - From: Daniel Pittman <daniel@rimspace.net>
- Re: Iptables firewall
  - From: jmm19@humboldt.edu
- Re: Iptables firewall
  - From: Daniel Pittman <daniel@rimspace.net>
- Re: Iptables firewall
  - From: jmm19@humboldt.edu
- Re: Iptables firewall
  - From: Daniel Pittman <daniel@rimspace.net>
- Re: Iptables firewall
  - From: jmm19@humboldt.edu
- Re: Iptables firewall
  - From: Daniel Pittman <daniel@rimspace.net>
- Re: Iptables firewall
  - From: jmm19@humboldt.edu

Prev by Date: Hilton Non-Delivery Notification
Next by Date: Re: [fw-wiz] Firewalling at the domain users level instead of network level
Previous by thread: Re: Iptables firewall
Next by thread: Re: Iptables firewall
Index(es):
- Date
- Thread