On Thu, Aug 28, 2003 at 06:36:00PM -0400, Bret Comstock Waldow wrote:
> No from Debian Mozilla. Here's an example of the messages:
> Aug 28 17:35:55 ganesha kernel: DROPl:IN= OUT=eth0 SRC=192.168.2.30
> DST=205.156.51.200 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=21328 DF
> PROTO=TCP SPT=34131 DPT=80 WI
On Fri, 29 Aug 2003 14:42:46 -0700
Cam Ellison <[EMAIL PROTECTED]> wrote:
> * Steve Lamb ([EMAIL PROTECTED]) wrote:
> I beg to differ. When I installed shorewall, it gave some
> not-very-comprehensible options, and then did not give me what I
> wanted or needed.
Erm, how hard can it be? For
* Steve Lamb ([EMAIL PROTECTED]) wrote:
enough. What isn't it covering? How do I know?)
>
> Uh, by testing? It is far easier to set something up and test it than it
> is to learn the whole freakin' system from scratch. From what I've seen of
> your setup Shorewall would handle it trivially.
On 29 Aug 2003 10:26:57 -0400,
Bret Comstock Waldow <[EMAIL PROTECTED]> wrote in message
<[EMAIL PROTECTED]>:
>
> Yes, this is a fun place we all get to be individuals in, joking with
> each other. OTOH, I'm a Software Quality Assurance Analyst for a
> living, and you don't leave users high and
Apparently, Bret Comstock Waldow recently wrote:
> On Fri, 2003-08-29 at 10:44, Steve Lamb wrote:
>> On 29 Aug 2003 10:26:57 -0400
>> Bret Comstock Waldow <[EMAIL PROTECTED]> wrote:
>> > Yes, this is a fun place we all get to be individuals in, joking with
>> > each other. OTOH, I'm a Software Qu
> Beyond that, I'm willing to put in the time to learn. I'm doing that
> now.
>
> Cheers,
> Bret
If you want to spend some time getting down and dirty with iptables and
Linux firewalls, I suggest reading a good book.
I have the first and second editions of 'Linux Firewalls' published by
New Rider
On 29 Aug 2003 12:16:04 -0400
Bret Comstock Waldow <[EMAIL PROTECTED]> wrote:
> So, I can invest my time into studying their proprietary systems, or...
All systems are proprietary. Debian is proprietary to Debian. Instead of
learning Red-Hatisms you're learning Debianisms.
> How much study d
On Fri, 2003-08-29 at 10:42, Colin Watson wrote:
> On Fri, Aug 29, 2003 at 10:26:57AM -0400, Bret Comstock Waldow wrote:
> > To then run across one suggestion along with language suggesting he
> > wasn't telling the whole story (so I could evaluate what to do with it)
> > and inferring I'll have t
On Fri, 2003-08-29 at 10:44, Steve Lamb wrote:
> On 29 Aug 2003 10:26:57 -0400
> Bret Comstock Waldow <[EMAIL PROTECTED]> wrote:
> > Yes, this is a fun place we all get to be individuals in, joking with
> > each other. OTOH, I'm a Software Quality Assurance Analyst for a
> > living, and you don't
On Fri, Aug 29, 2003 at 10:26:57AM -0400, Bret Comstock Waldow wrote:
> > You're welcome to go through the resulting config files and take a
> > looksee for yourself. It's not like the Windows registry or reading
> > an SQL database with less or anyth
On Fri, Aug 29, 2003 at 10:26:57AM -0400, Bret Comstock Waldow wrote:
> To then run across one suggestion along with language suggesting he
> wasn't telling the whole story (so I could evaluate what to do with it)
> and inferring I'll have trouble if I use his suggestion was maddening.
>
> In joke
On 29 Aug 2003 10:26:57 -0400
Bret Comstock Waldow <[EMAIL PROTECTED]> wrote:
> Yes, this is a fun place we all get to be individuals in, joking with
> each other. OTOH, I'm a Software Quality Assurance Analyst for a
> living, and you don't leave users high and dry, and you don't play with
> them.
On Fri, 2003-08-29 at 06:57, Paul Johnson wrote:
> On Wed, Aug 27, 2003 at 11:06:23AM -0400, Bret Comstock Waldow wrote:
> > 1) If I use one of those tools, it does something, sets up something.
> > What will it do? It's someone else's canned
On Wed, Aug 27, 2003 at 11:06:23AM -0400, Bret Comstock Waldow wrote:
> 1) If I use one of those tools, it does something, sets up something.
> What will it do? It's someone else's canned decisions about how to
> implement the choices I select from w
Bret Comstock Waldow wrote:
On Thu, 2003-08-28 at 02:35, Jacob Anawalt wrote:
[snip]
Browser from Linux account or in VMWare Win98 works? Try both and let us
know.
IE from Win98 works, Mozilla from Debian doesn't.
With these rules, samba couldn't restore the mapped drive I have from
Wi
On Thu, 2003-08-28 at 02:35, Jacob Anawalt wrote:
> Wow, those were some rules. It will take a bit for me to get my head
> around them. Are you looking at a book on ipchains at the same time by
> chance? You have so many similar rules in the input, forward and output
> chains, that it reminds
On Wed, Aug 27, 2003 at 09:13:51PM -0600, Jacob Anawalt wrote:
> Bret Comstock Waldow wrote:
> >On Wed, 2003-08-27 at 00:39, Kevin Mark wrote:
> >>the script can not be accessed by anyone. it can only be called inside
> >>the script which can only be run by a root user. So it doesn't seem to be
> >>s
Bret Comstock Waldow wrote:
On Wed, 2003-08-27 at 23:13, Jacob Anawalt wrote:
#192.168.1.1 doesn't get any traffic from us
iptables -A OUTPUT -d 192.168.1.1 -j DROP
That's the 'plumbing' level access to iptables which works for all Linux kernels supporting iptables, irregardless of distributi
On Wed, 2003-08-27 at 23:13, Jacob Anawalt wrote:
> #192.168.1.1 doesn't get any traffic from us
> iptables -A OUTPUT -d 192.168.1.1 -j DROP
>
> That's the 'plumbing' level access to iptables which works for all Linux kernels
> supporting iptables, irregardless of distribution. In other words,
Bret Comstock Waldow wrote:
On Wed, 2003-08-27 at 00:39, Kevin Mark wrote:
On Wed, 2003-08-27 at 00:19, Bret Comstock Waldow wrote:
On Tue, 2003-08-26 at 23:14, Kevin Mark wrote:
you can read /etc/init.d/iptables comments for info.
Hmmm. On reading, I notice a function na
Bret Comstock Waldow wrote:
On Wed, 2003-08-27 at 14:12, Murray J. Brown wrote:
BTW, the author's note was not a cop-out; it was actually an insightful
remark, albeit terse and presumptive of some sophistication on the part
of the user.
I continue not to agree on this count. The note pro
On Wed, Aug 27, 2003 at 05:44:12PM +0100, Chris Wilcox wrote:
> First post folks so I'm unsure if we top post or not round here but
> everyone else seems to so I'll join in! :)
We don't. Please post in conventional reading order, i.e. at the bottom!
Cheers,
--
Colin Watson
On Wed, 2003-08-27 at 14:12, Murray J. Brown wrote:
> BTW, the author's note was not a cop-out; it was actually an insightful
> remark, albeit terse and presumptive of some sophistication on the part
> of the user.
I continue not to agree on this count. The note provided didn't say
anything abou
Hi Bret,
On Wed, 2003-08-27 at 11:06, Bret Comstock Waldow wrote:
> On Wed, 2003-08-27 at 07:12, Paul Johnson wrote:
[snip]
> But please notice two things:
>
> 1) If I use one of those tools, it does something, sets up something.
> What will it do? It's someone else's canned decisions about how
First post folks so I'm unsure if we top post or not round here but everyone
else seems to so I'll join in! :)
It took me weeks of searching and asking of questions to a knowledgeable
friend before I even got close to understanding iptables. Although it's Red
Hat based, I wrote up most of what
Bret, I will address your question, but first: before delving into
constructing your own iptables rules, I suggest you seriously look at
might want to look at what some of the firewall tools can do for you
unless you really understand what you're doing. I suggest you look at
Shorewall and Bastill
On Wed, 2003-08-27 at 07:12, Paul Johnson wrote:
> On Tue, Aug 26, 2003 at 09:12:15PM -0400, Bret Comstock Waldow wrote:
> > # A: I was pretty much hounded into providing it. I do not like it.
> > #Don't use it. Use /etc/network/interfaces,
On 26 Aug 2003 23:54:06 -0400
Bret Comstock Waldow <[EMAIL PROTECTED]> wrote:
> Thank you for this.
>
> My apologies to all for broadcasting my frustration. It's not the
> best way to handle things.
>
> Bret
For what it's worth, I also found iptables pretty murky as well. I
cheated, I installe
On Tue, Aug 26, 2003 at 09:12:15PM -0400, Bret Comstock Waldow wrote:
> # A: I was pretty much hounded into providing it. I do not like it.
> #Don't use it. Use /etc/network/interfaces, use /etc/network/*.d/
> #scripts use /etc/ppp/ip-*.d/ scri
On 26 Aug 2003, Bret Comstock Waldow wrote:
> I can find all the sites and advice I want about how to form iptables
> rules, but I can't find any decent discussion of how to enable the damn
> things.
>
> I get the idea that an iptables firewall is set up by actually running a
> bunch of "iptables
On Wed, 2003-08-27 at 00:39, Kevin Mark wrote:
> On Wed, 2003-08-27 at 00:19, Bret Comstock Waldow wrote:
> > On Tue, 2003-08-26 at 23:14, Kevin Mark wrote:
> >
> > > you can read /etc/init.d/iptables comments for info.
> >
> > Hmmm. On reading, I notice a function named "initd_clear" called by
On Wed, 2003-08-27 at 00:19, Bret Comstock Waldow wrote:
> On Tue, 2003-08-26 at 23:14, Kevin Mark wrote:
>
> > you can read /etc/init.d/iptables comments for info.
>
> Hmmm. On reading, I notice a function named "initd_clear" called by an
> argument of "clear". Running this leaves the system o
On Tue, Aug 26, 2003 at 09:12:15PM -0400, Bret Comstock Waldow wrote:
> I can find all the sites and advice I want about how to form iptables
> rules, but I can't find any decent discussion of how to enable the damn
> things.
For network interfaces, I usually stick it as a pre-up item in the
/etc/
On Tue, 2003-08-26 at 23:14, Kevin Mark wrote:
> you can read /etc/init.d/iptables comments for info.
Hmmm. On reading, I notice a function named "initd_clear" called by an
argument of "clear". Running this leaves the system open - all targets
are "ACCEPT".
The README in /etc/init.d points at
Thank you for this.
My apologies to all for broadcasting my frustration. It's not the best
way to handle things.
Bret
On Tue, 2003-08-26 at 23:14, Kevin Mark wrote:
> > Someone somewhere speaks to issue of the actual plumbing to implement
> > iptables. Can anyone point me?
>
> you can read /
On Tue, 2003-08-26 at 21:12, Bret Comstock Waldow wrote:
> I can find all the sites and advice I want about how to form iptables
> rules, but I can't find any decent discussion of how to enable the damn
> things.
>
> I get the idea that an iptables firewall is set up by actually running a
> bunch
I can find all the sites and advice I want about how to form iptables
rules, but I can't find any decent discussion of how to enable the damn
things.
I get the idea that an iptables firewall is set up by actually running a
bunch of "iptables -options" lines, presumably from a script.
But where do