Security Rant (was Re: ipchains issue (Re: Webmin via Apache))

George Toft plug-discuss@lists.plug.phoenix.az.us
Wed, 26 Jun 2002 08:20:45 -0400


For those learning iptables, please visit the presentation I gave a
couple of months ago (to another LUG) and comment on it.  Was it clear?
Did it help?
http://www.georgetoft.com/linux/plug/presentations/firewall/index.html

The objective of the presentation is to give the audience the basic
background to read iptables scripts so they can modify scripts for their
own use.  When I started the presentation, I knew nothing about
iptables.  Now I have a custom firewall that has been professionally
tested, and works quite well.  In fact, every commercial
scanner/vulnerability tester has stated this level of security is very
unusual, and assumed there was a problem in the testing of the firewall.

Thank you.

George


Craig White wrote:
> 
> On Tue, 2002-06-25 at 21:32, alandd@mindspring.com wrote:
> 
> >
> > I should know about firewall configuration.  I now have a reason to learn.
> > =^)
> >
> > <MyRant>
> > However, as we propel Linux forward, we need to help develop tools that don't
> > require the user to know how or even why he needs a firewall.  The average Joe
> > just wants to know that his computer is secure because he picked the secure
> > option on his install.  And, if he needs to close a port or open a port, he
> > doesn't want to learn ipchains rule syntax or even port numbers, he wants to
> > select an option and be on his merry way.  Not an easy task but this is the
> > mindset that company in Redmond has created and our society expects.
> >
> > If we want Linux on every desktop, it has to be made that easy.
> > </MyRant>
> >
> -----
> I thoroughly disagree with this rant.
> This has nothing whatsoever to do with Microsoft or Microsoft mindset.
> In fact, your attitude represents the spoiled mentality of the Microsoft
> user.
> 
> This is open source software - when you see a need, you should offer
> your time and energies to fill it - don't be content to curse the
> darkness, light a candle.
> 
> Red Hat offers a simple-minded 3-level firewall choice on install, all
> using ipchains which is only offered on the 2.4 kernels for backwards
> compatibility. You are probably wasting your time trying to learn
> ipchains at this point. Netfilter/iptables is the native firewall module
> for 2.4 kernels. If you want to learn something that is applicable, that
> is what you should learn.
> 
> If you want a simple-minded firewall configuration utility, may I suggest
> firestarter.
> 
> Craig

--
If you feel you have received a virus from me, please read
	http://www.georgetoft.com/virus.html
because it wasn't me!
--