Re: Kernel options - how to determine which are needed?
On Sun, 14 Dec 2003 10:04:07 -0800,
Steve Lamb <firstname.lastname@example.org> wrote in message
> Arnt Karlsen wrote:
> > .._I_ would add everything in netfilter/iptables and remove ipchains
> > support, and make use of iptables statefullness features, up high in
> > in my rule lists, seatch netfilter.org mailing lists for samples of
> > " -j ALLOW RELATED,ESTABLISHED " in action.
> Well, that's a given. The other part of the reason for a new
> kernel is
> to get iptables support in there so I can get Shorewall up on that
> machine. Just makes me nervous not knowing what options I can drop on
> a machine I have no physical access to. :/
..shorewall is neat. Using the webmin gui module?
..if you're a iptables newbie fresh from the ipchains bronze age world,
just make sure you understand the subtle new meanings to a few
things in iptables. ;-)
..oh, and I skipped the ipchains, I came straight from the stone age
2.0.36 SuSE-5.2|RH-5.2, so I just know that these subtle things exist,
not what they are, I decided to ipchains skip as soon as I learned Linus
and the guys were working on the "new thing" in linux-2.3.somethinglate,
so I used iptables from "day one" with RH's 2.4.2-2 patchy hack. ;-)
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.