[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: wish list

To: securedistros@nl.linux.org
Subject: Re: wish list
From: Pere Camps <pere@casal.upc.es>
Date: Mon, 7 Jun 1999 00:39:58 +0200 (CET)
In-Reply-To: <Pine.LNX.4.05.9906061534270.10314-100000@Nathan.ADHosting.Com>
Reply-To: securedistros@nl.linux.org
Sender: owner-securedistros@humbolt.nl.linux.org

Hi!

> possibly instead of commenting out the things in /etc/inetd.conf to keep
> the machine functional.. have a firewall script that utilizes ipchains or
> something alike to deny services from to the outside world.

	Possible, but what's the use of having a single host acting as a
firewall?

	I see a possibility if you don't have any services open and you
wish not to be affected by possible secure-related tcp/ip bugs (although I
don't know to what extent ipchains would secure you, I'm no tcp/ip guru.

	I think that even only if you have one service open, then it's
pretty useless to have a single-firewalled host.

	It's much more esasir to simply comment out a service in inetd and
add the proper line in /etc/hosts.allow.

-- p.

-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/

Follow-Ups:
- Re: wish list
  - From: Nathan Staab <nathan@Nathan.ADHosting.Com>
- Re: wish list
  - From: "Anthony D. Urso" <anthonyu@killa.net>

References:
- Re: wish list
  - From: Nathan Staab <nathan@Nathan.ADHosting.Com>

Prev by Date: Re: wish list
Next by Date: Re: wish list
Prev by thread: Re: wish list
Next by thread: Re: wish list
Index(es):
- Date
- Thread