[lug] RH 7.x word of caution

Ferdinand Schmid fschmid at archenergy.com
Thu Jun 7 10:31:58 MDT 2001


Have any of you looked at this document:
http://www.boingworld.com/workshops/linux/iptables-tutorial/

They list the modules you need for various common features.

Ferdinand

Kevin Fenzi wrote:
> 
> >>>>> "DStimits" == D Stimits <stimits at idcomm.com> writes:
> 
> DStimits> Somehow failing to check the return value of something so
> DStimits> significant reminds me of the story of a supertanker that
> DStimits> went under and killed everyone onboard because a small
> DStimits> personnel hatch at the bow wasn't latched.
> 
> indeed. It's pretty apparent that they don't expect most people to
> upgrade the kernel they are using. The stock redhat kernel works fine
> with the ipchains module. ;(
> 
> DStimits> I'm having a hell of a time finding complete info on
> DStimits> netfilter. The man pages, HOWTO, FAQ, kernel Documentation,
> DStimits> so on, are all very incomplete.  One of my problems is that
> 
> really? I found the netfilter-HOWTO to be pretty good.
> Available at
> packetstorm.securify.com/UNIX/firewall/ipchains/netfilter/
> (and other places).
> Perhaps that's just me tho... :)
> 
> DStimits> apparently there is a different kernel module required for
> DStimits> each change, DENY, one for REJECT (or is it DROP?), one for
> DStimits> MASQ, so on. I have compiled with a ton of iptables modules
> DStimits> enabled, but I cannot get the right module for DENY. The
> 
> yeah, the netfilter stuff is set to be pretty modular. This allows you
> to easily add things. However, the targets: ACCEPT, DROP, QUEUE, or
> RETURN are all built into the ip_tables module.
> 
> DStimits> kernel Documentation/Configure.help does not give direct
> DStimits> comments to say that a particular module is used for
> 
> yeah, it's unclear on that.
> 
> DStimits> DENY. Worse, some of the old ipchains functionality, it
> DStimits> simply states it is now required to be downloaded
> DStimits> separately...one can find this separate source, and even
> DStimits> install it, but there is absolutely no useful documentation
> 
<snip>
-- 
Ferdinand Schmid
http://www.archenergy.com
303-444-4149 x231


