Re: Linux Firewalls/Routers - 3rd Round
- To: Eli Marmor <marmor(at-nospam)netmask.it>
- Subject: Re: Linux Firewalls/Routers - 3rd Round
- From: Oleg Goldshmidt <ogoldshmidt(at-nospam)computer.org>
- Date: 29 Oct 2001 21:43:21 +0200
- Cc: linux-il(at-nospam)cs.huji.ac.il
- In-Reply-To: Eli Marmor's message of "Mon, 29 Oct 2001 20:39:33 +0200"
- Organization: Speaking for myself only.
- Original-Sender: ogoldshmidt@computer.org
- References: <3BDDA265.6C8F0ADE@netmask.it>
- Reply-To: linux-il(at-nospam)linux.org.il
- Sender: oleg(at-nospam)data-zoo.com
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
- User-Agent: Gnus/5.0807 (Gnus v5.8.7) XEmacs/21.1 (Cuyahoga Valley)
Eli Marmor <marmor@netmask.it> writes:
> > Don't use iptables. Go with 2.2.19 and ipchains. Iptables has a
> > security exploit which I and many others can use to enter your
> > network.
>
> After being amazed by this warning, I asked for more details, and he
> responded:
>
> > It might have been fixed since, but last time I talked with Linus about
> > it (around 25th of September, I believe) he was very much aware of this
> > problem and in fact he said that at home he is still using 2.2.19 for
> > firewalling.

Is this what Moshe means?

http://www.sfu.ca/~siegert/linux-security/msg00048.html
http://www.sfu.ca/~siegert/linux-security/msg00059.html

This, however, was fixed in June:

http://www.redhat.com/support/errata/RHSA-2001-084.html

Anything else?

There have been 3 (2.4) kernel versions in October:

ftp://ftp.kernel.org/pub/linux/kernel/v2.4

--
Oleg Goldshmidt | ogoldshmidt@NOSPAM.computer.org
"If it ain't broken, it has not got enough features yet."