No, the one I'm thinking of was an actual security hole in one of the
modules for netfilter. I can't remember unfortunately though...
Oh well, never mind.
Thanks,
- Matt
hesselsp@xxxxxxxxxxxxxxx wrote:
no.
patch-o-matic is for things that aren't stable enough for production.
It's not a "security flaw" to not support a network protocol. It's just a
missing feature.
If you use patch-o-matic then remember, these things are some combination
of pre-alpha, alpha and some beta.
On Mon, 18 Jun 2001, Matt Fahrner wrote:
I haven't checked this, but are you saying RedHat hasn't issued patches
for the security flaws in Netfilter for their RPMs?
I hope they have, if not they're being remiss...
- Matt
Ian Mortimer wrote:
I'm trying to install our RedHat clients by using a custom
kick-start script.
<snip>
BUT STILL... the clients are UNABLE to mount using NFS and are
also unable to ypbind to the NIS server..
It sounds like you've got RH 7.1 so you can use iptables instead of
ipchains and add rpc connection tracking. You'll have to patch your
kernel so you might as well get the latest kernel source, get the
latest netfilter patches and iptables from one of:
http://netfilter.samba.org/
http://netfilter.gnumonks.org/
http://netfilter.filewatcher.org/
Then use patch-o-matic to add the rpc connection tracking capability
(and any other patches you fancy) to the kernel. Build and install
the kernel and insert your iptables rules.
This is a lot more work than you planned I'm sure but it's the only
way to get effective firewall security while allowing NIS and NFS.
Ian
_______________________________________________
Kickstart-list mailing list
Kickstart-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/kickstart-list
--
---------------------------------------------------------------------
Matt Fahrner 2 South Park St.
Manager of Networking Willis House
Burlington Coat Factory Warehouse Lebanon, N.H. 03766
TEL: (603) 448-4100 xt 5150 USA
FAX: (603) 443-6190 Matt.Fahrner@xxxxxxxx
---------------------------------------------------------------------