
Re: ipchains rules for dmz??

On Wednesday 29 May 2002 11:30 am, Rishi L Khan wrote:
> I looked into shorewall. It doesn't support ipchains, but seawall does.
> Would you suggest updating to iptables or using seawall?
> Do you think that Linux 2.4.x is stable yet? If so, which version?

The kernel overall I believe is considered stable; I've been using 2.4.18 for
some time now and have had no major problems with it. .17 gave me USB horror
but was fixed in 18.  The only bug I'd watch for would be the NAT bug found
by "cartel-securite.fr" using a patch to nmap which reveals internal ip
According to their advisory 2.4.4 -> 2.4.19pre6 are vulnerable.

> I believe that ipchains can do the job and that linux 2.2.20 is stable. I
> don't have experience in 2.4.x kernels yet, but am willing to look into
> it if people think that it's as stable as 2.2.20.
> Are there any security issues with the current version of ipchains that is
> addressed with iptables (I don't mean iptables features like stateful
> packet filtering -- I mean security vulnerabilities)

I've stuck with ipchains myself, but for no significant reason other than
being lazy =).

> 		-rishi
> On Wed, 29 May 2002, Sami Dalouche wrote:
> > > How about installing shorewall? (www.shorewall.net) the best iptables
> > > script I have ever seen.
> >
> > It's not only the best iptables script you've ever seen, but it's also a
> > nice high-level configuration tool for everything
> > concerning firewalling.. Traffic Shaping, IPSec...
> >
> > Sam

Orlando Padilla
"I only drink to make other people interesting"
