[lug] logger entry for punching hole for nameserver

David Trowbridge jupiter at flatirons.org
Tue Apr 24 10:18:00 MDT 2001


Personally, I don't run an INET server (on my personal machine), and use
only SSH/SCP.

Seems bizarre that Red Hat would ship with a broken kernel, too.
-David

-------------------
David Trowbridge
jupiter at flatirons.org
http://jupiter.babylonia.flatirons.org

"Base 8 is just like base 10 really...if you're missing two fingers"

On Tue, 24 Apr 2001, D. Stimits wrote:

> David Trowbridge wrote:
> >
> > Hi - I'm new to the list. I'd like to point out a possible problem (that
> > most probably already know about) and ask a question.
> >
> > First, iptables (in its default distribution) has a fairly serious
> > security hole. Most firewalls are configured to utilize the RELATED state,
> > but if a person can get an FTP connection, they can add rules to your
> > firewall. There's an advisory on securityfocus and a netfilter patch for
> > the kernel.
>
> Don't enable iptables. Use chkconfig --list to see if it is running.
> chkconfig can also be used to turn it off. The particular security
> errata seemed serious enough to not use iptables till it is updated,
> unless you really know what you are doing.
>
> >
> > Second, does rh7.1 come with 2.4.2? I haven't yet had time to download the
> > images.
>
> It says 2.4.2, but it is actually a RH patched version, 2.4.2-something:
> http://www.redhat.com/products/software/linux/pl_rhl.html
>
> D. Stimits, stimits at idcomm.com
>
> >
> > Nice to find a new mailing list with interesting people,
> > -David
> >
> > -------------------
> > David Trowbridge
> > jupiter at flatirons.org
> > http://jupiter.babylonia.flatirons.org
> >
> > "Base 8 is just like base 10 really...if you're missing two fingers"
> >
> > On Tue, 24 Apr 2001 charles at lunarmedia.net wrote:
> >
> > > >
> > > > I haven't seen it before. What kernel version is it? I wonder if it is
> > > > maybe something new with 2.4.x iptables. A search on google for
> > > > "punching nameserver" didn't get anything.
> > > >
> > >
> > >       Yeah, this was a new one on me. I am running 2.4.2; however,
> > >       I am using ipchains rulesets rather than ones written for
> > >       iptables. It's a brand new install of rh7.1.
> > >
> > > _______________________________________________
> > > Web Page:  http://lug.boulder.co.us
> > > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > >
> >
>
