I haven't checked this, but are you saying RedHat hasn't issued patches for the security flaws in Netfilter for their RPMs? I hope they have, if not they're being remiss... - Matt Ian Mortimer wrote: > > > I'm trying to install our RedHat clients by using a custom > > kick-start script. > > <snip> > > > BUT STILL... the clients are UNABLE to mount using NFS and are > > > also unable to ypbind to the NIS server.. > > It sounds like you've got RH 7.1 so you can use iptables instead of > ipchains and add rpc connection tracking. You'll have to patch your > kernel so you might as well get the latest kernel source, get the > latest netfilter patches and iptables from one of: > > http://netfilter.samba.org/ > http://netfilter.gnumonks.org/ > http://netfilter.filewatcher.org/ > > Then use patch-o-matic to add the rpc connection tracking capability > (and any other patches you fancy) to the kernel. Build and install > the kernel and insert your iptables rules. > > This is a lot more work than you planned I'm sure but it's the only > way to get effective firewall security while allowing NIS and NFS. > > Ian > > _______________________________________________ > Kickstart-list mailing list > Kickstart-list@xxxxxxxxxx > https://listman.redhat.com/mailman/listinfo/kickstart-list -- --------------------------------------------------------------------- Matt Fahrner 2 South Park St. Manager of Networking Willis House Burlington Coat Factory Warehouse Lebanon, N.H. 03766 TEL: (603) 448-4100 xt 5150 USA FAX: (603) 443-6190 Matt.Fahrner@xxxxxxxx ---------------------------------------------------------------------
