[lug] RH 7.x word of caution

D. Stimits stimits at idcomm.com
Thu Jun 7 11:29:54 MDT 2001


Ferdinand Schmid wrote:
> 
> Have any of you looked at this document:
> http://www.boingworld.com/workshops/linux/iptables-tutorial/
> 
> They list the modules you need for various common features.

I'll check it out today...haven't seen it yet.

D. Stimits, stimits at idcomm.com

> 
> Ferdinand
> 
> Kevin Fenzi wrote:
> >
> > >>>>> "DStimits" == D Stimits <stimits at idcomm.com> writes:
> >
> > DStimits> Somehow failing to check the return value of something so
> > DStimits> significant reminds me of the story of a supertanker that
> > DStimits> went under and killed everyone onboard because a small
> > DStimits> personnel hatch at the bow wasn't latched.
> >
> > indeed. It's pretty apparent that they don't expect most people to
> > upgrade the kernel they are using. The stock redhat kernel works fine
> > with the ipchains module. ;(
> >
> > DStimits> I'm having a hell of a time finding complete info on
> > DStimits> netfilter. The man pages, HOWTO, FAQ, kernel Documentation,
> > DStimits> so on, are all very incomplete.  One of my problems is that
> >
> > really? I found the netfilter-HOWTO to be pretty good.
> > Available at
> > packetstorm.securify.com/UNIX/firewall/ipchains/netfilter/
> > (and other places).
> > Perhaps that's just me tho... :)
> >
> > DStimits> apparently there is a different kernel module required for
> > DStimits> each change, DENY, one for REJECT (or is it DROP?), one for
> > DStimits> MASQ, so on. I have compiled with a ton of iptables modules
> > DStimits> enabled, but I cannot get the right module for DENY. The
> >
> > yeah, the netfilter stuff is set to be pretty modular. This allows you
> > to easily add things. However, the targets: ACCEPT, DROP, QUEUE, or
> > RETURN are all built into the ip_tables module.
> >
> > DStimits> kernel Documentation/Configure.help does not give direct
> > DStimits> comments to say that a particular module is used for
> >
> > yeah, it's unclear on that.
> >
> > DStimits> DENY. Worse, some of the old ipchains functionality, it
> > DStimits> simply states it is now required to be downloaded
> > DStimits> separately...one can find this separate source, and even
> > DStimits> install it, but there is absolutely no useful documentation
> >
> <snip>
> --
> Ferdinand Schmid
> http://www.archenergy.com
> 303-444-4149 x231
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug


