[lug] RH 7.x word of caution
D. Stimits
stimits at idcomm.com
Wed Jun 6 15:09:02 MDT 2001
Kevin Fenzi wrote:
>
> >>>>> "Hugh" == Hugh Brown <hugh at vecna.com> writes:
>
> Hugh> Good to know.
>
> yeah, looks like the redhat 'ipchains' init.d entry doesn't check the
> return status of ipchains. You guys might want to file a bug in the
> redhat bugzilla on that one...
I did earlier today.
>
> Hugh> Last I heard was that iptables had some major
> Hugh> security problems that made it ineffective. Is that still the
> Hugh> case? If so, what alternatives do people have if they are
> Hugh> running linux 2.4?
>
> no. It was the case for a pretty short time under some
> circumstances. Basically if you were allowing incoming ftp connections
> and using a "related" rule, people could trick things into bypassing
> your firewall. It was fixed in 2.4.4 and beyond. There was also a
> patch out pretty quick. ;)
>
> for more info, take a look at:
> http://netfilter.samba.org/security-fix/index.html
>
> I am using netfilter on my firewall just fine. It's much nicer than
> ipchains and seems to work well.
Will the current ipchains rules work on netfilter, or must they be
converted? This is my quandary...deciding what I need to do if I will use
iptables instead of ipchains, with an interest only in packet filtering.
What are the options?
D. Stimits, stimits at idcomm.com
>
> Hugh> Hugh
>
> kevin
> --
> Kevin Fenzi
> MTS, tummy.com, ltd.
> http://www.tummy.com/ KRUD - Kevin's Red Hat Uber Distribution
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug