[lug] logger entry for punching hole for nameserver

D. Stimits stimits at idcomm.com
Tue Apr 24 10:13:49 MDT 2001


David Trowbridge wrote:
> 
> Hi - I'm new to the list. I'd like to point out a possible problem (that
> most probably already know about) and ask a question.
> 
> First, iptables (in its default distribution) has a fairly serious
> security hole. Most firewalls are configured to utilize the RELATED state,
> but if a person can get an FTP connection, they can add rules to your
> firewall. There's an advisory on securityfocus and a netfilter patch for
> the kernel.

Don't enable iptables. Use chkconfig --list to see if it is running.
chkconfig can also be used to turn it off. The particular security
errata seemed serious enough to not use iptables till it is updated,
unless you really know what you are doing.

> 
> Second, does rh7.1 come with 2.4.2? I haven't yet had time to download the
> images.

It says 2.4.2, but it is actually a RH patched version, 2.4.2-something:
http://www.redhat.com/products/software/linux/pl_rhl.html

D. Stimits, stimits at idcomm.com

> 
> Nice to find a new mailing list with interesting people,
> -David
> 
> -------------------
> David Trowbridge
> jupiter at flatirons.org
> http://jupiter.babylonia.flatirons.org
> 
> "Base 8 is just like base 10 really...if you're missing two fingers"
> 
> On Tue, 24 Apr 2001 charles at lunarmedia.net wrote:
> 
> > >
> > > I haven't seen it before. What kernel version is it? I wonder if it is
> > > maybe something new with 2.4.x iptables. A search on google for
> > > "punching nameserver" didn't get anything.
> > >
> >
> >       yeah, this was a new one on me. i am running 2.4.2, however
> >       i am using ipchains rulesets rather than ones written for
> >       iptables. it's a brand new install of rh7.1
> >
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> >


