[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Kernel options - how to determine which are needed?



On Sun, 14 Dec 2003 10:04:07 -0800, 
Steve Lamb <grey@dmiyu.org> wrote in message 
<[🔎] 3FDCA617.3010307@dmiyu.org>:

> Arnt Karlsen wrote:
> > .._I_ would add everything in netfilter/iptables and remove ipchains
> > support, and make use of iptables statefullness features, up high in
> > in my rule lists, seatch netfilter.org mailing lists for samples of
> > " -j ALLOW RELATED,ESTABLISHED " in action.
> 
>      Well, that's a given.  The other part of the reason for a new
>      kernel is 
> to get iptables support in there so I can get Shorewall up on that
> machine. Just makes me nervous not knowing what options I can drop on
> a machine I have no physical access to.  :/
 
..shorewall is neat.  Using the webmin gui module?

..if you're a iptables newbie fresh from the ipchains bronze age world,
just make sure you understand the subtle new meanings to a few
things in iptables.  ;-)

..oh, and I skipped the ipchains, I came straight from the stone age
2.0.36 SuSE-5.2|RH-5.2, so I just know that these subtle things exist,
not what they are, I decided to ipchains skip as soon as I learned Linus
and the guys were working on the "new thing" in linux-2.3.somethinglate,
so I used iptables from "day one" with RH's 2.4.2-2 patchy hack.  ;-)

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.



Reply to: