On Sun, 14 Dec 2003 10:04:07 -0800, Steve Lamb <[EMAIL PROTECTED]> wrote in message <[EMAIL PROTECTED]>:
> Arnt Karlsen wrote: > > .._I_ would add everything in netfilter/iptables and remove ipchains > > support, and make use of iptables statefullness features, up high in > > in my rule lists, seatch netfilter.org mailing lists for samples of > > " -j ALLOW RELATED,ESTABLISHED " in action. > > Well, that's a given. The other part of the reason for a new > kernel is > to get iptables support in there so I can get Shorewall up on that > machine. Just makes me nervous not knowing what options I can drop on > a machine I have no physical access to. :/ ..shorewall is neat. Using the webmin gui module? ..if you're a iptables newbie fresh from the ipchains bronze age world, just make sure you understand the subtle new meanings to a few things in iptables. ;-) ..oh, and I skipped the ipchains, I came straight from the stone age 2.0.36 SuSE-5.2|RH-5.2, so I just know that these subtle things exist, not what they are, I decided to ipchains skip as soon as I learned Linus and the guys were working on the "new thing" in linux-2.3.somethinglate, so I used iptables from "day one" with RH's 2.4.2-2 patchy hack. ;-) -- ..med vennlig hilsen = with Kind Regards from Arnt... ;-) ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
