[lug] RH 7.x word of caution

Hugh Brown hugh at vecna.com
Wed Jun 6 14:13:02 MDT 2001


Good to know.

Last I heard was that iptables had some major security problems that made
it ineffective.  Is that still the case?  If so, what alternatives do
people have if they are running linux 2.4?

Hugh


"D. Stimits"
> 
> As it turns out, the /etc/rc.d/init.d/ipchains script on RH 7.1 (and
> probably anything "2.4.x kernel ready") fails to mention when ipchains
> is deactivated due to lack of kernel support. If you are booting up, you
> will not get a failure message from your ipchains startup script when
> the kernel does not support ipchains. You must manually test it as root
> via "ipchains -L", and see if it lists rules, or states:
> ipchains: Incompatible with this kernel
> 
> After reviewing some logs, and discovering this (despite using current
> software that is overall configured right), I am tempted to completely
> fdisk my machine just because I've been running without ipchains
> (though I thought it was running) for about two weeks now. Anyone using
> a RH 7.x box with ipchains and any kernel other than the stock supplied
> RH kernel in the 2.4.x series should manually run "ipchains -L" and test
> if your ipchains is really active or not.
> 
> D. Stimits, stimits at idcomm.com
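
The manual "ipchains -L" test from the quoted message can be scripted so that a missing firewall produces a failure instead of silence. This is an added example, not part of either post: the function names are hypothetical, and the sample listing and its header layout are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original posts). Function names are hypothetical.

# Constructed sample of a working listing; the header layout is an assumption.
SAMPLE_ACTIVE='Chain input (policy DENY):
target     prot opt     source                destination           ports
ACCEPT     tcp  ------  anywhere              anywhere              any ->   ssh
Chain forward (policy DENY):
Chain output (policy ACCEPT):'

# classify_ipchains OUTPUT EXIT_STATUS
# Prints one of:
#   incompatible  kernel lacks ipchains support (the message quoted in the post)
#   error         the command failed for another reason (not root, not installed)
#   no-rules      the command ran but listed no rules
#   active        at least one rule is listed
classify_ipchains() {
    out=$1
    status=$2
    case $out in
        *"Incompatible with this kernel"*) echo incompatible; return 0 ;;
    esac
    if [ "$status" -ne 0 ]; then
        echo error
        return 0
    fi
    # Count rule lines: skip blanks, "Chain ..." headers and the column header.
    rules=$(printf '%s\n' "$out" |
        awk 'NF && $1 != "Chain" && $1 != "target" { n++ } END { print n + 0 }')
    if [ "$rules" -gt 0 ]; then echo active; else echo no-rules; fi
}

# check_firewall: run the real command (as root) and fail loudly, which the
# init script described in the post does not do.
check_firewall() {
    out=$(ipchains -L 2>&1) && rc=0 || rc=$?
    state=$(classify_ipchains "$out" "$rc")
    if [ "$state" = active ]; then
        return 0
    fi
    echo "WARNING: ipchains is not filtering (state: $state)" >&2
    return 1
}
```

Calling check_firewall at the end of the boot sequence or from a root cron job, and alerting on a non-zero return, would surface the condition on the next run.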


