no. patch-o-matic is for things that aren't stable enough for production. Its not a "security flaw" to not support a network protocol. Its just a missing feature. If you use patch-o-matic then remember, these things are some combination of pre-alpha, alpha and some beta. On Mon, 18 Jun 2001, Matt Fahrner wrote: > I haven't checked this, but are you saying RedHat hasn't issued patches > for the security flaws in Netfilter for their RPMs? > > I hope they have, if not they're being remiss... > > - Matt > > Ian Mortimer wrote: > > > > > I'm trying to install our RedHat clients by using a custom > > > kick-start script. > > > <snip> > > > > BUT STILL... the clients are UNABLE to mount using NFS and are > > > > also unable to ypbind to the NIS server.. > > > > It sounds like you've got RH 7.1 so you can use iptables instead of > > ipchains and add rpc connection tracking. You'll have to patch your > > kernel so you might as well get the latest kernel source, get the > > latest netfilter patches and iptables from one of: > > > > http://netfilter.samba.org/ > > http://netfilter.gnumonks.org/ > > http://netfilter.filewatcher.org/ > > > > Then use patch-o-matic to add the rpc connection tracking capability > > (and any other patches you fancy) to the kernel. Build and install > > the kernel and insert your iptables rules. > > > > This is a lot more work than you planned I'm sure but it's the only > > way to get effective firewall security while allowing NIS and NFS. > > > > Ian > > > > _______________________________________________ > > Kickstart-list mailing list > > Kickstart-list@xxxxxxxxxx > > https://listman.redhat.com/mailman/listinfo/kickstart-list > > -- -- Paul
