[lug] RH 7.x word of caution
Kevin Fenzi
kevin at ashara.scrye.com
Wed Jun 6 14:49:16 MDT 2001
>>>>> "Hugh" == Hugh Brown <hugh at vecna.com> writes:
Hugh> Good to know.
yeah, looks like the redhat 'ipchains' init.d entry doesn't check the
return status of ipchains. You guys might want to file a bug in the
redhat bugzilla on that one...
Hugh> Last I heard was that iptables had some major
Hugh> security problems that made it ineffective. Is that still the
Hugh> case? If so, what alternatives do people have if they are
Hugh> running linux 2.4?
No. It was the case for a pretty short time under some
circumstances. Basically, if you were allowing incoming ftp connections
and using a "related" rule, people could trick things into bypassing
your firewall. It was fixed in 2.4.4 and beyond. There was also a
patch out pretty quick. ;)
for more info, take a look at:
http://netfilter.samba.org/security-fix/index.html
I am using netfilter on my firewall just fine. It's much nicer than
ipchains and seems to work well.
Hugh> Hugh
kevin
--
Kevin Fenzi
MTS, tummy.com, ltd.
http://www.tummy.com/ KRUD - Kevin's Red Hat Uber Distribution
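The thread's complaint about the Red Hat 'ipchains' init.d entry is that it
never looks at the return status of the rule loader, so a rejected rule set
still reports success. Below is an added example of the check a practitioner
would want, written as a small POSIX sh fragment. It is not the Red Hat init
script and not netfilter code; the FW_CMD variable, the fail_closed and
apply_rules function names and the illustrative rule list are all assumptions
made here for the example.

```shell
#!/bin/sh
# Added example (not the Red Hat ipchains init script, not netfilter's code):
# load firewall rules one at a time, check the exit status of every call, and
# fail closed (flush + DROP policies) if any rule is rejected.
#
# The pattern the thread warns about looks roughly like this in an init script:
#     ipchains-restore < /etc/sysconfig/ipchains
#     echo "done"
# i.e. no "$?" check, so a rejected rule set leaves the box with whatever rules
# happened to load (possibly none) while the script still reports success.
#
# Assumptions (not from the original post): FW_CMD names the firewall tool and
# defaults to iptables; the rule list at the bottom is illustrative only.

FW_CMD="${FW_CMD:-iptables}"

# fail_closed: flush everything and drop by default. Called when a rule fails,
# so a half-applied rule set never turns into an accidentally open firewall.
fail_closed() {
    $FW_CMD -F
    $FW_CMD -P INPUT DROP
    $FW_CMD -P FORWARD DROP
}

# apply_rules: each argument is one rule (the arguments handed to $FW_CMD).
# Returns 0 only if every rule was accepted; on the first failure it fails
# closed and returns 1 so the calling init script can report an error.
apply_rules() {
    for rule in "$@"; do
        # $rule is unquoted on purpose: the rule string is split into args.
        if ! $FW_CMD $rule; then
            echo "firewall: rule rejected: $rule" >&2
            fail_closed
            return 1
        fi
    done
    return 0
}

# Stand-alone use: run with --apply to load the illustrative rule set.
# Guarded so that sourcing or testing this file never touches a live firewall.
if [ "${1:-}" = "--apply" ]; then
    if apply_rules \
        "-P INPUT DROP" \
        "-P FORWARD DROP" \
        "-A INPUT -i lo -j ACCEPT" \
        "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" \
        "-A INPUT -p tcp --dport 22 -j ACCEPT"
    then
        echo "firewall: rules loaded"
    else
        echo "firewall: load FAILED, default DROP policy is in place" >&2
        exit 1
    fi
fi
```

Because every rule goes through one function that inspects the exit status,
the init script's own exit status finally means something: a rejected rule
leaves the host at default DROP and reports a failure instead of "done". The
same shape works for ipchains by pointing FW_CMD at it and adjusting the rule
syntax.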