Is This A Good Basic Firewall? -- Iptables - Slackware



Thread: Is This A Good Basic Firewall? -- Iptables

  1. Re: Is This A Good Basic Firewall? -- Iptables

    On Tue, 27 Nov 2007 11:11:47 -0500, Ed Wilson wrote:

    >Tom N wrote:
    >
    >> On 2007-11-27, Richard James wrote:

    >
    >>> If you have access
    >>> to another computer you can also try a port scanning program like nessus
    >>> across the network.


    If you can stomach his sky-is-falling-hype try grc.com for a port scan.
    A basic firewall as described upthread will show all ports closed to
    the Internet.
    >>
    >> Are you telling me that I have no way of determining what ports I have
    >> open here with tools on my own operating system?
    >>

    >
    >There are ways of telling which ports are open locally but they might not
    >tell you what ports a remote computer would see as being open. If your
    >firewall is configured to trust all traffic generated from your computer
    >but not trust traffic originating elsewhere you could get different results
    >if you do a port scan locally instead of remotely.


    For example, I have ssh running for local machines, but Internet machines
    see the port as closed, since there's no iptables rule here that allows
    remote access.

    Grant.

  2. Re: Is This A Good Basic Firewall? -- Iptables

    On 2007-11-26, Tom N wrote:
    >> No, there is not. A default install of Slackware does indeed include
    >> iptables. A default install of Slackware indeed does *NOT* include
    >> any packet filter rules enabled by default. In other words, it
    >> does not provide any "firewall" by default.

    >
    > That doesn't make much sense, considering how simple a basic firewall
    > turns out to be.


    It makes perfect sense. If you want a distribution that will
    immediately setup everything for you and give you the warm and fuzzies,
    Slackware isn't for you.

    I'm going to disagree again with how "simple" a "basic" firewall is.
    After all, just what is a "basic firewall" anyhow? Is it something to
    give you a false sense of security on your desktop? Is it something to
    prohibit any inbound traffic? Is it something to do port forwarding
    and Network Address Translation? Hint: there is no such thing as a
    "basic firewall". Every person has different needs, and a good bit of
    people don't need any firewall at all. Hell, the majority of my
    Slackware systems don't have any firewall rules loaded.

    > And how necessary the experts think it is.


    Just who are these so-called experts exactly? Are these the same
    people that recommend a firewall for the simple reason that it is a
    "security feature"? Do these experts even know what your LAN looks
    like? Do they know if your system is behind another firewall? Do they
    know what services if any you want to offer? Do they know if you want
    to forward packets for nodes behind your machine? Beware anyone who
    claims to be a "security expert". Most of these people are nothing but
    marketing idiots with canned "solutions" in search of a problem.
    Anyone who promises to give you a generic tool that will enhance your
    security should be carefully scrutinized. Most of these people are
    selling snake-oil, or hawking refrigerators to Eskimos.

    > If a firewall is considered to be optional by Slackware, why not
    > just leave iptables out of the basic install and save the diskspace?


    Good point! Let's ditch apache since it isn't turned on by default as
    well. What about openvpn or samba, neither of which can be quickly
    turned on because they lack a config file (samples however, are
    provided)? X doesn't run by default, so we can throw it away, along
    with xap/, kde/, and kdei/. Pretty soon we'll have Slackware back down
    to a single CD, with source code!

    --
    It is better to hear the rebuke of the wise,
    Than for a man to hear the song of fools.
    Ecclesiastes 7:5

  3. Re: Is This A Good Basic Firewall? -- Iptables

    Tom N wrote:


    > Some of the sites I need require javascript, and I leave it on all
    > the time. Should I turn it off when not required or have I covered the
    > problem by deleting their cookies?
    >
    > Using the firefox that came with 12.0.


    It depends on how much their efforts to track you bother you versus how much
    effort you put in to stop them bothers you.

    If you want to try it out you can download the Firefox NoScript extension
    from the Firefox themes and extensions site, which should come with the
    Firefox bookmarks. Note that it will ask you to download and install the file
    in a dialog box. The same for any Firefox theme, extension, dictionary etc.
    You also have to restart the browser. I have it tweaked a bit so it bothers
    me less by Checking the third option in the first group of the General tab.
    The option that allows any script from Base 2nd Level Domains. Otherwise it
    pops up a lot and you have to click allow for this site and that site which
    gets annoying.

    If you go to that themes and extensions site click on extensions, you should
    see it under the popular extensions list along with Adblock Plus. Otherwise
    it is under the category Privacy & Security.

    If you can't find that site I have listed it here for reference.
    https://addons.mozilla.org/en-US/firefox/browse/type:1

    In my opinion NoScript is more of a hassle than it is worth at this point in
    time. Whereas Adblock Plus is a definite advantage, surfing with no ads is
    better than worrying about them tracking you.

    Richard James

  4. Re: OT ATTN raf Bittorrent was Re: OT Mp3 Sites....

    On 2007-11-27, raf wrote:
    > Tom N wrote:
    >> On 2007-11-25, raf wrote:
    >>> Tom N wrote:
    >>>> On 2007-11-25, loki harfagr wrote:
    >>>>> On Sun, 25 Nov 2007 19:54:16 +0100, Tom N wrote:
    >>>>>
    >>>> ...
    >>>>
    >>>>> Now, can we have real life and enjoy listening to some Alice Cooper ?-)
    >>>>
    >>>> :-)
    >>>>
    >>>> I have really tried to find that Alice Cooper song as an mp3. But all the
    >>>> sites that might have had it lured me in with promises of free music
    >>>> and then wouldn't tell me whether they actually had it or not until
    >>>> I paid a fee.
    >>>>
    >>>>
    >>> Got a bittorrent client? Point it here.
    >>> http://www.mininova.org/search/?search=Alice+Cooper

    >>
    >> You still around, raf? I got a bittorrent client called cTorrent,
    >>
    >> http://ctorrent.sourceforge.net/

    >
    > Not familiar with many cli bittorrent clients. I used to use bittorrent
    > 4.4.1 but gave it up for Transmission.


    I read about Transmission on the web. Pretty fancy.

    >> and I downloaded the .torrent file for the Best of Alice Cooper
    >> from mininova
    >> and opened ports 6881-6889 and everything looks good except
    >> that I am getting ZIP!

    >
    > Could be that no one is seeding that particular torrent file anymore.
    > You could register in one of their forums and "beg" for seeding if you
    > really want a particular song or album.


    Okay.

    >
    >> Here's what it looks like on my screen:
    >>
    >> root@darkstar:/usr/doc/ctorrent# ctorrent -s ac.bt www.p2p-world.dl.am...Alice\
    >> Cooper_-_Alice_Coopers_Greatest_Hits_\(1974\)\ -\^mininova.org\^-.torrent
    >>
    >> META INFO
    >> Announce: http://p2p.hightorrent.to:7777/announce
    >> Created On: Sun Apr 15 18:33:25 2007
    >> Piece length: 65536
    >>
    >> FILES INFO
    >> <1> ac.bt [95953591]
    >> Total: 91 MB
    >>
    >> Already/Total: 0/1465
    >> Listen on: 2706
    >>| 0,[0/1465/0],0,0 | 0,0 E:0
    >>
    >> The bar on the left keeps turning around and around, but there's nothing coming
    >> through the interface (ppp0) and the file "jon" never grows in size. It just stays
    >> at "0" bytes.
    >>
    >> (While we are at it, just how do I deal with the file if I get it? Is it a WAV file
    >> or an mp3 or what?)

    >
    > Most of the files that I downloaded are in mp3 format. But wav can be
    > easily converted to mp3 or ogg using lame. Some compress using tar,
    > rar, etc. using password but they usually post that also. Check the
    > Details and comments.


    Okay.

    >> After an hour I just gave up and shut it down and closed the ports.
    >>
    >> Does this have something to do with my pitifully slow connection?
    >>
    >> Here's the first part of the .torrent file, the rest being in non-ascii characters
    >> representing raw data, I think:
    >>
    >> d8:announce39:http://p2p.hightorrent.to:7777/annou...rtiesd17:dht_\
    >> backup_enablei1ee7:comment80:>>>>> Respect Is The Word - Seeding Is The Key <<<<< \
    >> http://www.p2p-world.dl.am13:comment.utf-880:>>>>> Respect Is The Word - Seeding Is\
    >> The Key <<<<< http://www.p2p-world.dl.am10:created by15:Azureus/2.5.0.413:creation \
    >> datei1176687205e8:encoding5:UTF-84:infod6:lengthi95953591e4:name75:www.p2p-world.dl.am\
    >> ...Alice_Cooper_-_Alice_Coopers_Greatest_Hits_(1974).rar10:name.utf-875:www.p2p-world.\
    >> dl.am...Alice_Cooper_-_Alice_Coopers_Greatest_Hits_(1974).rar12ie ce lengthi65536e6\
    >>ieces29300:ėG]<87>^
    >>

    >
    > You know this means nothing to me. Maybe someone else can help.


    Probably doesn't matter. I just wanted to include all the information
    I had.

    >
    >> (I broke the lines and marked the fact with "\".)
    >>
    >> /usr/bin/file reports it to be a .torrent file.
    >>
    >> Been reading this, but haven't found an answer:
    >>
    >> http://dessent.net/btfaq/
    >>
    >>
    >> Tom
    >>

    > Good luck!


    Thanks, raf. I'll get it down. This looks like the way to get music
    on the internet, all right.

    Tom

    --
    simpleman.s43
    That would be at gee male


  5. Re: Is This A Good Basic Firewall? -- Iptables

    On 2007-11-27, Richard James wrote:
    > Tom N wrote:
    >
    > I would admit that Slackware could probably do with an option to turn on a
    > basic firewall during install for some users. By doing that some people
    > could have their basic firewall and other users could add firewalls to
    > their system in their own fashion.


    That sounds right to me. Don't see how a basic one like I have could
    cause any problems.

    >>> If you have access
    >>> to another computer you can also try a port scanning program like nessus
    >>> across the network.

    >>
    >> Are you telling me that I have no way of determining what ports I have
    >> open here with tools on my own operating system?

    >
    > Sorry I have misled you a bit. There are several ways to check.
    >
    > http://www.redhat.com/docs/manuals/l...ver-ports.html


    Good. I saved it for careful study.

    Looks like I better get nmap installed.

    I have it on the CD's!

    > Most software that you have installed has in its documentation the ports
    > that it uses. However it is much quicker to look at a list of standard UNIX
    > ports and services and work from that.
    > http://en.wikipedia.org/wiki/List_of...P_port_numbers
    >
    > http://www.iana.org/assignments/port-numbers


    Had no idea there were so many. Don't have any idea what most of them are
    for....Time to learn...

    > When I first used a X Window system it was over a secure network. I sat at a
    > Workstation which was the X Server and the X Client and the program I was
    > using was on a Server. Yes X Server and Client is backwards to the standard
    > Client/Server model. In the past this was the model that X was used in,
    > nowadays both the X Client and Server sit on the same machine but they still
    > talk to each other in the same fashion. Some people do forward X windows
    > Sessions through a secure SSH session so it is not entirely feasible to
    > pull the plug on this network connection.


    Even if you aren't running SSH, like me? And have all the ports blocked?

    > As for X security most Linux systems use MIT magic cookie authentication.
    > This is why when you are a user and you start X and then open a terminal
    > and su to root, root cannot access the X server even though it is running
    > on the same machine. This system is not invulnerable to attack so blocking
    > port 6000 from the internet is a good idea.


    All my ports are blocked.

    If I open a port(s) for a particular application, like bittorrent, I close
    them after I shut down the app.

    >> My own OS will open ports of its own accord and then block me from finding
    >> out about it?

    >
    > No it only opens ports if you run the software which opens ports. The Linux
    > Kernel does not open ports by itself. It is the software that is running
    > that has the ports open. Use ps to list all your running software then look
    > at the lists of ports they open. Look also at the output of lsof -i and
    > other tools.


    lsof -i

    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
    X 1241 root 1u IPv6 2401 TCP *:x11 (LISTEN)
    X 1241 root 3u IPv4 2409 TCP *:x11 (LISTEN)
    ctorrent 1592 root 3u IPv4 3484 TCP *:2706 (LISTEN)

    netstat -an

    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:2706 0.0.0.0:* LISTEN
    tcp6 0 0 :::6000 :::* LISTEN
    Active UNIX domain sockets (servers and established)
    Proto RefCnt Flags Type State I-Node Path
    unix 2 [ ACC ] STREAM LISTENING 2410 /tmp/.X11-unix/X0
    unix 4 [ ] DGRAM 2107 /dev/log
    unix 2 [ ] DGRAM 3306
    unix 3 [ ] STREAM CONNECTED 2788 /tmp/.X11-unix/X0
    unix 3 [ ] STREAM CONNECTED 2787
    unix 3 [ ] STREAM CONNECTED 2462 /tmp/.X11-unix/X0
    unix 3 [ ] STREAM CONNECTED 2461
    unix 3 [ ] STREAM CONNECTED 2460 /tmp/.X11-unix/X0
    unix 3 [ ] STREAM CONNECTED 2459
    unix 3 [ ] STREAM CONNECTED 2458 /tmp/.X11-unix/X0
    unix 3 [ ] STREAM CONNECTED 2457
    unix 3 [ ] STREAM CONNECTED 2456 /tmp/.X11-unix/X0
    unix 3 [ ] STREAM CONNECTED 2455
    unix 3 [ ] STREAM CONNECTED 2454 /tmp/.X11-unix/X0
    unix 3 [ ] STREAM CONNECTED 2453
    unix 3 [ ] STREAM CONNECTED 2452 /tmp/.X11-unix/X0
    unix 3 [ ] STREAM CONNECTED 2414
    unix 2 [ ] DGRAM 2214

    >
    >> If true, that's downright frightening. Makes me wonder if Linux is even a
    >> mature OS.

    >
    > The Linux security model is based on the UNIX security model which is very
    > old and has mostly all of the bugs removed from it, over a long period of
    > time. Once it was pretty trivial to crack UNIX but that is no longer the
    > case. But security is not just the design it is also in the implementation.
    > Some UNIX systems have security better implemented than others. An
    > administrator can also alter the implementation of a specific UNIX system
    > to increase or decrease the security of that system. One can make a BSD
    > system very hackable if one does the wrong things. One can make a sloppy
    > implementation very secure if one does the right things.
    >
    > This is why it is important to understand the security model of the system,
    > and also important to understand how security can be undermined. Sometimes
    > to secure a system you have to think about all the mean ways you could
    > break it.
    >
    > Do not worry too much about this at first though. This becomes more
    > important when you are putting a server onto the Internet. When you are
    > just using the computer to access the Internet things are much easier.


    Whew! :-\

    >
    >>> This post could go on and on about the varying facets of computer
    >>> security which is why it is better that you read some web-sites or books.

    >>
    >> It appears that I am going to have to.

    >
    > I am not a security expert, however I do know a lot about security. I do not
    > administrate servers and I do not see these exploits going on. I do work as
    > a computer technician and have seen the results of drive-by spyware
    > infections and worms on MS Windows systems. That is why I point you at other
    > resources as other people have more knowledge of these things than me.
    >
    > But be aware of false experts. There are many of these in the computer
    > security industry, people who are more interested in selling their
    > product/services than they are in actually securing systems.


    My guard is up. Who watches the watchers?

    Thanks, Richard. Looks like I have some studying to do.

    Tom

    --
    simpleman.s43
    That would be at gee male


  6. Re: Is This A Good Basic Firewall? -- Iptables

    On 2007-11-27, Ed Wilson wrote:
    > Tom N wrote:
    >
    >> On 2007-11-27, Richard James wrote:

    >
    >>> If you have access
    >>> to another computer you can also try a port scanning program like nessus
    >>> across the network.

    >>
    >> Are you telling me that I have no way of determining what ports I have
    >> open here with tools on my own operating system?
    >>

    >
    > There are ways of telling which ports are open locally but they might not
    > tell you what ports a remote computer would see as being open. If your
    > firewall is configured to trust all traffic generated from your computer
    > but not trust traffic originating elsewhere you could get different results
    > if you do a port scan locally instead of remotely.


    And that is the case for my firewall.

    > Netstat will list the ports you currently have open but it does not know if
    > the firewall will or won't let that port receive inbound packets.
    >
    > Nmap(or nmapfe if you like a gui) will try to connect to the ports you
    > specify on the hosts you specify. If you do it locally and local traffic
    > is trusted and allowed all ports that are open will respond normally and
    > nmap will list them as open, or if done from a remote computer that would
    > not pass your firewall rules nmap will report closed, blocked, filtered, or
    > whatever response the firewall is configured to give.
    >


    I found nmap on the CDs; will be installing it.

    Thanks for the tips, Ed,

    Tom

    --
    simpleman.s43
    That would be at gee male
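
Ed Wilson's point in the post above (netstat lists listeners but cannot say what the firewall will do with inbound packets), worked through as an added example that is not part of the thread. It cross-checks the listener lines from the `netstat -an` output posted earlier against a constructed `iptables-save` excerpt; the ruleset, the helper names and the use of `ppp0` as the outside interface are assumptions, and only exact `-i`, `-p`, `--dport`, `--state`/`--ctstate` and `-j` are evaluated.

```python
import shlex

# Listener lines as posted in the thread's `netstat -an` output.
NETSTAT = """\
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:2706 0.0.0.0:* LISTEN
tcp6 0 0 :::6000 :::* LISTEN
"""

# Constructed iptables-save excerpt (assumed, not a ruleset from the thread).
RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 6881:6889 -j ACCEPT
COMMIT
"""
SIMPLE = {"-i": "iface", "-p": "proto", "-j": "target"}  # one-argument options


def listeners(netstat_text):
    """Yield (proto, address, port) for every TCP socket in LISTEN state."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0] in ("tcp", "tcp6") and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")
            yield f[0], addr, int(port)


def parse_rule(tokens):
    """Parse the match options this sketch understands; remember the rest."""
    rule = {"iface": None, "proto": None, "dports": None,
            "states": None, "target": None, "unknown": []}
    i = 0
    while i < len(tokens):
        opt = tokens[i]
        arg = tokens[i + 1] if i + 1 < len(tokens) else None
        if opt in SIMPLE:
            rule[SIMPLE[opt]] = arg
        elif opt == "--dport":
            lo, sep, hi = arg.partition(":")
            rule["dports"] = (int(lo or 0), int(hi or 65535) if sep else int(lo))
        elif opt in ("--state", "--ctstate"):
            rule["states"] = set(arg.split(","))
        elif opt not in ("-m", "--reject-with"):
            rule["unknown"].append(opt)
            if opt == "!":                  # negation: also skip the negated match
                i += 1
            elif arg is None or arg.startswith("-"):
                i -= 1                      # flag that takes no argument
        i += 2
    return rule


def parse_input_chain(save_text):
    """Return (default policy, rules) of the filter table's INPUT chain."""
    policy, rules, table = "ACCEPT", [], "filter"
    for line in save_text.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif table == "filter" and line.startswith(":INPUT "):
            policy = line.split()[1]
        elif table == "filter" and line.startswith("-A INPUT "):
            rules.append(parse_rule(shlex.split(line)[2:]))
    return policy, rules


def verdict(policy, rules, iface, port):
    """Fate of a NEW inbound TCP connection to `port` arriving on `iface`."""
    for r in rules:
        if (r["iface"] not in (None, iface)
                or r["proto"] not in (None, "tcp", "all")
                or (r["states"] is not None and "NEW" not in r["states"])
                or (r["dports"] and not r["dports"][0] <= port <= r["dports"][1])):
            continue                        # rule does not match this packet
        if r["unknown"] or r["target"] not in ("ACCEPT", "DROP", "REJECT", "LOG"):
            return "UNKNOWN"                # needs a human to read the rule
        if r["target"] != "LOG":            # LOG does not end chain traversal
            return r["target"]
    return policy


def exposure(netstat_text, save_text, iface="ppp0"):
    """Map each listener to what a remote IPv4 client on `iface` would get."""
    policy, rules = parse_input_chain(save_text)
    result = {}
    for proto, addr, port in listeners(netstat_text):
        if addr in ("127.0.0.1", "::1"):
            result[(proto, port)] = "LOOPBACK-ONLY"
        elif proto == "tcp6":
            result[(proto, port)] = "NOT-COVERED"   # IPv6 is ip6tables' job
        else:
            result[(proto, port)] = verdict(policy, rules, iface, port)
    return result


if __name__ == "__main__":
    print(exposure(NETSTAT, RULES))         # constructed firewall loaded
```

With the constructed ruleset, the IPv4 listeners on 6000 and 2706 are dropped for a remote client (2706 lies outside the accepted 6881:6889 range), while the `tcp6` listener on 6000 is outside anything iptables filters and has to be checked against ip6tables separately.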


  7. Re: Is This A Good Basic Firewall? -- Iptables

    On 2007-11-27, Edwin Johnson wrote:
    > On 2007-11-26, Robby Workman wrote:
    >> On 2007-11-25, Tom N wrote:
    >>>
    >>> So you are trying to tell me that the stock install of Slackware
    >>> 12 included iptables but no default firewall using it?
    >>>
    >>> I don't think so.


    Edwin,

    >
    > If you don't want to 'roll your own', I might suggest trying to find a copy
    > of Jay's Iptables Firewall, which is a set of scripts (no gui) I've been
    > using for a long time. Probably on sourceforge somewhere. You can specify in
    > the config file which ports you need open to the outside and, if you have a
    > lan connected also, which ports (or all) can be open in the lan. I don't
    > have a lan hooked up, but in the past I experimented with this in the office
    > and it all worked flawlessly. I have it on my present computer, using DSL.
    >
    > ...Edwin


    I'll google for it. Sounds like it is a well-commented ruleset, which will
    be a big help.

    I appreciate the advice,

    Tom

    --
    simpleman.s43
    That would be at gee male


  8. Re: Is This A Good Basic Firewall? -- Iptables

    On 2007-11-27, +Alan Hicks+ wrote:
    >
    > On 2007-11-26, Tom N wrote:
    >>> No, there is not. A default install of Slackware does indeed include
    >>> iptables. A default install of Slackware indeed does *NOT* include
    >>> any packet filter rules enabled by default. In other words, it
    >>> does not provide any "firewall" by default.

    >>
    >> That doesn't make much sense, considering how simple a basic firewall
    >> turns out to be.

    >
    > It makes perfect sense. If you want a distribution that will
    > immediately setup everything for you and give you the warm and fuzzies,
    > Slackware isn't for you.


    I suggest that you leave the childish insults to creeps like realto
    margarino.

    Unless you want to join him and his sock puppets and cronies
    on 'my never read and never read any responses
    to' list.

    I built Slackware 12.0 from a pile of files, which is something
    that most people here couldn't do.

    That probably includes you.

    Now **** off. Get back to me when you learn some manners or
    stay gone.

    That's not a suggestion or a request, it is a ****ing fact.

    ....

    Tom

  9. Re: Is This A Good Basic Firewall? -- Iptables

    On 2007-11-27, Grant wrote:
    > On Tue, 27 Nov 2007 11:11:47 -0500, Ed Wilson wrote:
    >
    >>Tom N wrote:
    >>
    >>> On 2007-11-27, Richard James wrote:

    >>
    >>>> If you have access
    >>>> to another computer you can also try a port scanning program like nessus
    >>>> across the network.

    >
    > If you can stomach his sky-is-falling-hype try grc.com for a port scan.
    > A basic firewall as described upthread will show all ports closed to
    > the Internet.
    >>>
    >>> Are you telling me that I have no way of determining what ports I have
    >>> open here with tools on my own operating system?
    >>>

    >>
    >>There are ways of telling which ports are open locally but they might not
    >>tell you what ports a remote computer would see as being open. If your
    >>firewall is configured to trust all traffic generated from your computer
    >>but not trust traffic originating elsewhere you could get different results
    >>if you do a port scan locally instead of remotely.

    >
    > For example, I have ssh running for local machines, but Internet machines
    > see the port as closed, since there's no iptables rule here that allows
    > remote access.
    >
    > Grant.


    Very helpful.

    Tom

    --
    simpleman.s43
    That would be at gee male


  10. Re: OT ATTN raf Bittorrent was Re: OT Mp3 Sites....

    On 2007-11-27, buck wrote:
    > On Tue, 27 Nov 2007 11:26:53 +0100 (CET), Tom N
    > wrote:
    >
    >
    >>and I downloaded the .torrent file for the Best of Alice Cooper
    >>from mininova

    >
    > That torrent is dead.


    A shame, but it seems to be true. Same for the Killer one
    on mininova.

    > Try several others.
    > http://torrentscan.com/
    > --buck
    >


    Will do. Thanks!


    Tom

    --
    simpleman.s43
    That would be at gee male


  11. Re: OT ATTN raf Bittorrent was Re: OT Mp3 Sites....

    Tom N wrote:

    (about bittorrent)

    Tom, I don't think it'll do you much good since you are on dialup, like me.
    Much easier to just download straight through. And, BTW, your speed is slow,
    I used pppsetup as usual but I get a very low download speed. (?) I instead
    use KPP, yeah it is a X winders program but I do get a constant speed of 5.2
    kbs. Up to 12 kbs when it is being buffered and then slowed down again.
    (another ?)
    --
    Bud

  12. Re: OT ATTN raf Bittorrent was Re: OT Mp3 Sites....

    On 2007-11-28, Bud wrote:
    > Tom N wrote:
    >
    > (about bittorrent)
    >
    > Tom, I don't think it'll do you much good since you are on dialup, like me.
    > Much easier to just download straight through.


    Not sure what you mean, Bud. I've been downloading the .torrent files from
    websites and feeding them to my bittorrent client.

    > And, BTW, your speed is slow,
    > I used pppsetup as usual but I get a very low download speed.


    I didn't use that. Using files I got from a pro. Direct call to pppd
    and a chatscript for chat.

    > (?) I instead
    > use KPP, yeah it is a X winders program but I do get a constant speed of 5.2
    > kbs. Up to 12 kbs when it is being buffered and then slowed down again.
    > (another ?)


    Can't find kpp/KPP in the package list for 12.0. Don't mind using an X app
    if I have to, but I think that only works with KDE (guess) and I don't run
    that and won't be.

    I am looking closer at my pppd configuration, though. And this will spur
    me to be very thorough about it.

    Thanks,

    Tom

    --
    simpleman.s43
    That would be at gee male


  13. Re: Is This A Good Basic Firewall? -- Iptables

    On Wed, 28 Nov 2007 02:14:20 +0100, Tom N wrote:

    >> It makes perfect sense. If you want a distribution that will
    >> immediately setup everything for you and give you the warm and fuzzies,
    >> Slackware isn't for you.


    > I suggest that you leave the childish insults to creeps like realto
    > margarino.


    It wasn't an insult, dimwit, it was a statement of fact.

    > Now **** off. Get back to me when you learn some manners or
    > stay gone.


    Oooh. A n00b with an attitude, and no common sense. You're gonna go far,
    doofus.


    --
    "Ubuntu" -- an African word, meaning "Slackware is too hard for me".


  14. Re: OT ATTN raf Bittorrent was Re: OT Mp3 Sites....

    Tom N wrote in
    news:slrnfkpogg.27n.tom@darkstar.example.net:

    > Not sure what you mean, Bud. I've been downloading the .torrent files
    > from websites and feeding them to my bittorrent client.


    Hi, Tom! I certainly don't want to rain on your parade, but I do hope
    that you know that many of the music .torrent files contain copyrighted
    material and thus cannot be legally downloaded in certain parts of the
    world.

    In fact, in the good ol' USofA the RIAA has been doing quite a bit of suing
    of people who do (and many who do not, some of whom were even deceased!)
    download torrents of copyrighted material.

    And, don't forget the MPAA, either! Nor the (thrice-damned) DMCA that
    allows them to use these possibly unconstitutional and certainly bullying
    tactics.

    So, I've not seen you admit to downloading any copyrighted work, but I
    thought that a word to a (possible) newbie might be in good order.

    No offense meant, and I certainly hope that none was taken. Have a good
    time with your computing adventure in Linux. ;v)

  15. Re: Is This A Good Basic Firewall? -- Iptables

    Tom N wrote in
    news:slrnfkpff0.1t8.tom@darkstar.example.net:

    > On 2007-11-27, +Alan Hicks+ wrote:
    >>
    >> On 2007-11-26, Tom N wrote:


    So, someone clued in Tom to the fact that a default Slackware install
    doesn't include a firewall...

    >>>> No, there is not. A default install of Slackware does indeed include
    >>>> iptables. A default install of Slackware indeed does *NOT* include
    >>>> any packet filter rules enabled by default. In other words, it does
    >>>> not provide any "firewall" by default.


    A decision he evidently doesn't agree with, even though iptables has
    scripts precisely because firewalls need to be customized...

    >>> That doesn't make much sense, considering how simple a basic firewall
    >>> turns out to be.


    And then someone makes a highly accurate statement of bare fact...

    >> It makes perfect sense. If you want a distribution that will
    >> immediately setup everything for you and give you the warm and fuzzies,
    >> Slackware isn't for you.


    And Tom takes umbrage!

    > I suggest that you leave the childish insults to creeps like realto
    > margarino.
    >
    > Unless you want to join him and his sock puppets and cronies
    > on 'my never read and never read any responses
    > to' list.


    Oh, good, I've been neither a sock puppet nor a crony, but, please add me
    to your... killfile!

    > I built Slackware 12.0 from a pile of files, which is something
    > that most people here couldn't do.


    Yawn, beating of the chest.

    > That probably includes you.


    Ad hominem attack.

    > Now **** off. Get back to me when you learn some manners or
    > stay gone.


    And, look, he owns the internet! Wish I'd read this message before I
    helpfully replied in another place.

    > That's not a suggestion or a request, it is a ****ing fact.


    Well, no, actually it _is_ a suggestion. Just look at it. And a
    request, to boot!

    > Tom


    *plonk*

    --
    The email address, above, is most certainly munged. Perhaps you
    might reply to the newsgroup, instead? Thanks!

  16. Re: Is This A Good Basic Firewall? -- Iptables

    Alan Hicks wrote:

    >> ... If you want a distribution that will immediately setup everything
    >> for you and give you the warm and fuzzies, Slackware isn't for you.


    (followed by several good points that would have been helpful to Tom N,
    had he bothered to read them. Instead ...)

    Tom N followed up:

    > I suggest that you leave the childish insults to creeps like realto
    > margarino.
    > ...
    > Now **** off. Get back to me when you learn some manners or stay gone.


    Congratulations, Tom. You not only completely overlooked some perfectly
    valid (dare I say "helpful") advice in order to make room for a public
    tantrum, but you successfully burnt at least one bridge (and most likely
    a few others) to a smoldering pile of rubble in the process. I heartily
    suggest that you re-read Alan's message, perhaps with a less defensive
    frame of mind. I think you'll find it has a few valuable nuggets you
    missed.

    > I built Slackware 12.0 from a pile of files, ...


    For the sake of accuracy, you (and the rest of us) *installed*
    Slackware-12.0 from a pile of files, with most of us obtaining said
    pile of files conveniently packaged together on a few CDs or a DVD.
    Nevertheless, we all started from a "pile of files". Patrick Volkerding
    "built" Slackware-12.0 (incidentally also from a pile of files ...).

    > which is something that most people here couldn't do. ...
    > That probably includes you.


    Given the types of questions you've been asking here, Tom, and how
    you've latched on to a few who've offered help, I find myself hesitant
    to believe that you would be able to do much that "most people here
    couldn't do." You've seen a couple of responses to your "tantrum"
    message already I'm sure. Did you really mean to alienate the same
    people who have been offering to help you?

    In case my response leaves you wondering whether I measure up to your
    apparently powerful grasp of current Linux (and perhaps general computing)
    technology, if you can get a more complete port of a more recent Slackware
    distribution than I had built for the Alpha (specifically a rather loud
    AS2100 in my case, or I would have completed the project) architecture
    (or better yet, if you can get a recent version of Slackware ported to
    the MIPS-based original Cobalt Qube, a feat that I have yet to devote
    enough time to to even begin; at least that system's quiet!), you'll
    have done something "most people here couldn't do ..."

    --
    ----------------------------------------------------------------------
    Sylvain Robitaille syl@alcor.concordia.ca

    Systems and Network analyst Concordia University
    Instructional & Information Technology Montreal, Quebec, Canada
    ----------------------------------------------------------------------

  17. Re: Is This A Good Basic Firewall? -- Iptables

    On 2007-11-28, Sylvain Robitaille wrote:
    > Alan Hicks wrote:
    >
    >>> ... If you want a distribution that will immediately setup everything
    >>> for you and give you the warm and fuzzies, Slackware isn't for you.

    >
    > (followed by several good points that would have been helpful to Tom N,
    > had he bothered to read them. Instead ...)
    >
    > Tom N followed up:
    >
    >> I suggest that you leave the childish insults to creeps like realto
    >> margarino.
    >> ...
    >> Now **** off. Get back to me when you learn some manners or stay gone.

    >
    > Congratulations, Tom. You not only completely overlooked some perfectly
    > valid (dare I say "helpful") advice in order to make room for a public
    > tantrum,


    Nobody talks to me like that.

    And nobody talks to me the way you are talking to me right now.

    Just where the hell you both get the idea that you are superior to me,
    I don't know.

    But I do know one thing: You wouldn't talk like this to my face.

    Or to anybody's face.

    You only do it because you are safe at home behind the internet.

    And ANYONE can talk big in such circumstances.


    Tom










  18. Re: Is This A Good Basic Firewall? -- Iptables --revisited

    On 2007-11-27, +Alan Hicks+ wrote:
    >
    > On 2007-11-26, Tom N wrote:
    >>> No, there is not. A default install of Slackware does indeed include
    >>> iptables. A default install of Slackware indeed does *NOT* include
    >>> any packet filter rules enabled by default. In other words, it
    >>> does not provide any "firewall" by default.

    >>
    >> That doesn't make much sense, considering how simple a basic firewall
    >> turns out to be.

    >
    > It makes perfect sense. If you want a distribution that will
    > immediately setup everything for you and give you the warm and fuzzies,
    > Slackware isn't for you.


    That paragraph is nothing but an unwarranted personal attack based upon three
    obvious falsehoods.

    1. I have already clearly established, beyond any shadow of a doubt, that
    I am not a person looking for a "warm and fuzzy" operating system.

    2. All sorts of basic services are set up during the default Slackware
    installation. A simple firewall could very well be part of it. Others
    here have agreed with me on this. Someone said it used to be.

    3. Therefore it doesn't make perfect sense. It is just a choice that
    was made for this release of Slackware.

    So he threw a punch, and I hit him back, and now certain parties here
    want to condemn me for it.

    Apparently, I am supposed to eat his **** in order to receive the blessings
    of his insight into Slackware.

    No thanks. There are plenty of people here who have given me great advice
    without that requirement thrown in. Mature people who treat others with
    the respect they deserve.

    Tom


  19. Re: Is This A Good Basic Firewall? -- Iptables

    On Nov 27, 10:01 pm, Sylvain Robitaille wrote:
    > Alan Hicks wrote:
    > >> ... If you want a distribution that will immediately setup everything
    > >> for you and give you the warm and fuzzies, Slackware isn't for you.

    >
    > (followed by several good points that would have been helpful to Tom N,
    > had he bothered to read them. Instead ...)
    >
    > Tom N followed up:
    >
    > > I suggest that you leave the childish insults to creeps like realto
    > > margarino.
    > > ...
    > > Now **** off. Get back to me when you learn some manners or stay gone.

    >
    > Congratulations, Tom. You not only completely overlooked some perfectly
    > valid (dare I say "helpful") advice in order to make room for a public
    > tantrum, but you successfully burnt at least one bridge (and most likely
    > a few others) to a smoldering pile of rubble in the process. I heartily
    > suggest that you re-read Alan's message, perhaps with a less defensive
    > frame of mind. I think you'll find it has a few valuable nuggets you
    > missed.


    I am supposed to bow down before the Mighty Alan Hicks, am I?

    Because he is such a fountain of useful advice that no one could
    possibly do without his assistance. That's what you are saying.

    And it is utter bull****.

    I got the X-Window System _manually_ installed and configured here
    without any help from him.

    He posted once in 131 posts and what he had to say contributed
    absolutely nothing to the thread.

    In fact, the entire post is obviously just an excuse for him to jump
    in and play Big Daddy, when he hasn't earned that status.

    He seems to think that his praise is invaluable.

    And he phrased it in such a way, with that strange "BOZO" points
    thing, that I could easily and logically have taken it as an insult
    and it brought the trolls a'running, which he obviously knew would
    happen.

    In short, he was trying to make trouble.

    I would have much rather have had some real help from him.

    [Tom N ]131 I Need Some Help With X-Window System

    ##From: +Alan Hicks+
    ##Subject: Re: I Need Some Help With X-Window System

    (PGP stuff stripped)

    Please trim the quotes of any posts you are replying to, thanks.

    On 2007-11-12, Tom N wrote:
    > Of course, I don't know what DRI/DRM is and what I am missing, but it's
    > okay for the nonce.


    DRI/DRM is a component of Xorg that's used for the Direct Rendering of
    3D objects.

    I've got to say, I'm most impressed with you, Tom. Most rookies give
    up and quickly go over to Ubuntu or another of the newbie-friendly
    distributions. You however, not only stuck it out but came into the
    group after lurking for awhile, and posted a strong question in which
    you cited the work you'd done and provided information on the hardware
    involved. We need more rookies like you.

    Give yourself a BOZO point.

    - --
    It is better to hear the rebuke of the wise,
    Than for a man to hear the song of fools.
    Ecclesiastes 7:5

    And I installed and configured sound _manually_ with no help
    whatsoever from him.

    Fortunately, he didn't feel the need to jump into that thread and tell
    me that I was a good little boy.

    And cause more trouble.

    [Tom N ]118 Basic Sound Configuration

    --------------------------------------------------------------------
    I am much indebted to all the good folks who helped me with X and
    sound and other aspects of configuring and running Slackware.

    I owe Mr. Hicks absolutely nothing.

    He has not only not helped me at all, but his two most notable posts
    to me have been obvious attempts to make trouble.

    And he WILL watch his mouth when he talks to me or I will simply
    not read any of his posts.

    It's quite obvious that I can do without his help. That everyone can
    do without his help.

    If I have burned any bridges, Sylvain, they weren't safe to walk across
    in the first place, and torching them was a public service.

    I'm posting this through google groups because I suddenly am unable to
    post through aioe.

    If I find out Mr. Hicks or any of his cronies had anything to do with
    this, they are going to learn two more interesting things about me.

    They already know that I have a bad reaction to bullying.

    1. Flying private planes is one of my favorite hobbies. I love long
    trips to new destinations. I am retired and have plenty of time.

    2. In the profession I am now retired from, at quite a young age
    because of my success at it, I made frequent use of international
    personal investigation firms.

    **** with me and I'll use a third party to hire one of those firms to
    track you down, and I will take a 'vacation' in your neck of the woods
    and stomp your ass and turn your computers into junk.

    If I have to hang around for two weeks to catch you alone, so be it.
    If I have to hire some local talent to help me, I know how to do that.

    If you were half as smart as you think you are, then you'd know better
    than to **** with a completely unknown quantity.

    I have no respect at all for cowards who think they are hidden behind
    the internet and abuse people.

    Tom




  20. Re: Is This A Good Basic Firewall? -- Iptables --revisited

    On Wed, 28 Nov 2007 09:53:01 +0100 (CET)
    Tom N wrote:
    > 1. I have already clearly established, beyond any shadow of a doubt, that
    > I am not a person looking for a "warm and fuzzy" operating system.


    Tom,

    I am going to (modestly ;-) suggest you to try this package:

    ftp://ftp.berlios.de/pub/slackfire/s...2-noarch-1.tgz

    Install it as any other Slackware package, and you will get
    a basic firewall protecting your system from any inbound
    connections. You will find how to tune the firewall up to
    almost any needs of a home workstation (and not only) if you
    check the README:

    http://slackfire.berlios.de/README

    (also included in the package).

    As an alternative, I suggest you try Easy Firewall Generator:
    http://easyfwgen.morizot.net/

    --
    Mikhail
