Re: ipchains rules for dmz??
On Wednesday 29 May 2002 11:30 am, Rishi L Khan wrote:
> I looked into shorewall. It doesn't support ipchains, but seawall does.
> Would you suggest updating to iptables or using seawall?
> Do you think that Linux 2.4.x is stable yet? If so, which version?
The kernel overall I believe is considered stable, I've been using 2.4.18 for
some time now and have had no major problems with it. .17 gave me USB horror
but was fixed in 18. The only bug I'd watch for would be the NAT bug found
by "cartel-securite.fr" using a patch to nmap which reveals internal ip
According to their advisory 2.4.4 -> 2.4.19pre6 are vulnerable.
> I believe that ipchains can do the job and that linux 2.2.20 is stable. I
> don't have experience in 2.4.x kernels yet, but am willing to look into
> it if people think that it's as stable as 2.2.20.
> Are there any security issues with the current version of ipchains that are
> addressed with iptables (I don't mean iptables features like stateful
> packet filtering -- I mean security vulnerabilities)
I've stuck with ipchains myself, but for no significant reason other than
being lazy =).
> On Wed, 29 May 2002, Sami Dalouche wrote:
> > > How about installing shorewall? (www.shorewall.net) the best iptables
> > > script I have ever seen.
> > It's not only the best iptables script you've ever seen, but it's also a
> > nice high-level configuration tool for everything
> > concerning firewalling.. Traffic Shaping, IPSec...
> > Sam
"I only drink to make other people interesting"