Is This A Good Basic Firewall? -- Iptables - Slackware


  1. Re: OT Trolls was: Re: Is This A Good Basic Firewall? -- Iptables

    Realto Margarino wrote:
    >The Slackware experience?
    >WTF is that?


    It's all right here on aols, baby!

    -Beej


  2. Re: Is This A Good Basic Firewall? -- Iptables

    Mark South says:
    >On Fri, 30 Nov 2007 15:19:31 +0000, Realto Margarino wrote:


    >> You are being pedantic, and for no good reason.


    >


    Obviously you don't know what pedantic means.

    cordially, as always,

    rm

  3. Re: Is This A Good Basic Firewall? -- Iptables

    Sylvain Robitaille wrote:

    > No. The hard part really is building the toolchain on the target
    > system. For the Qube, I think I'm going to have to assemble myself a
    > cross-compiling environment, and build the toolchain on a different
    > system, for the target system (I can't build a current toolchain on the
    > OS that the Qube shipped with).
    >


    Instead of cross-compiling you could install one of these as a stepping
    stone. http://www.linux-mips.org/wiki/Distributions

    One advantage to setting up a cross-compiling environment is you could use
    distcc to speed up compile times.

    http://distcc.samba.org/faq.html

    > Once the toolchain works, the process really is as simple as you're
    > making it seem, with the additional step of editing PV's SlackBuild
    > scripts. It's still a challenge to get the order right, but that one's
    > relatively easy.
    >


    If you are using debian, gentoo or some other distro with built in
    dependency tracking you could ask the package management system what order
    it would install things to get a rough idea of the order.



    --
    Ed

  4. Re: Why Slackware? was ....

    On Sat, 30 Nov 2007, Helmut Hullen wrote:

    > We don't need no education.


    That was an awesome song, from the best band in the world


    --
    Cheers
    Res



  5. Re: Why Slackware? was ....

    On Sat, 01 Dec 2007 00:47:07 +0100, Tom N wrote:

    > Well, Beej, you are clearly gigabytes out of my league. I certainly hope
    > that you check in and help us neophytes now and again.


    Homer Simpson and Elmer Fudd are "gigabytes" out of your league, also. I
    bet you got picked on a lot as a kid, eh? Did you ride the "short bus"?

    > [All the rest of the posts on this thread are from known trolls, or are
    > replies to known trolls, or from names I've never seen before and are
    > very short. I've deleted all of them, unread.]


    Uhhh, yeah, right. If you say so, Alan.


    --
    "Ubuntu" -- an African word, meaning "Slackware is too hard for me".


  6. Re: Why Slackware? was ....

    Tom N says:

    >Okay. I don't know about this killfile stuff. I'm guessing that has
    >something to do with slrn's scorefile, which I haven't gotten into.


    Why on earth are you using slrn? That's like travelling around on a
    buckboard.

    cordially, as always,

    rm

  7. Re: Is This A Good Basic Firewall? -- Iptables

    Realto Margarino wrote:
    > +Alan Hicks+ says:
    >
    > pgp trash troll delete


    *yawn*

    >>Oh I don't know. Maybe it's the fact that guys like me and Sylvain
    >>have actually done things with computers that most people haven't
    >>imagined?

    >
    > Like what? Dropping them on the floor? And nobody puts you in a
    > class with Sylvain, or anyone else, so your attempt to cloak your
    > own total lack of credibility with the credibility and respect that
    > others have _worked_ for is lame and would be hilarious but for the
    > slimy aspect of it.
    >
    >>Maybe it's that we've spent years building up our personal
    >>knowledge to a high level? Maybe it's because we've seen your
    >>posts and for the most part they don't show any special knowledge?

    >
    > As opposed to yours? Hardly. The special knowledge involved in
    > writing bash scripts is about as valuable as the special knowledge
    > needed to shoe a horse in downtown Detroit.


    Hmm.. Let's see. Listen to some useless troll who is wasting
    one of our most valued resources (air), or listen to someone who has
    the results. Let's check out Sylvain's and Alan's credibility:

    From the Changelog in slackware-current:

    +--------------------------+
    Tue Nov 27 16:08:14 CST 2007
    a/mkinitrd-1.3.0-i486-1.tgz: Upgraded to mkinitrd-1.3.0.
    This fixes a bug where some module options could be ignored.
    Thanks to Alan Hicks for the patch.
    Thanks also to Richard Hoyle for showing me how to statically link busybox
    correctly when I wouldn't listen to the Makefile. ;-)
    +--------------------------+

    From the FAQ Pointer in this very newsgroup:

    --snip--
    FAQ contributors

    This is a list of people who have contributed to the answers in this
    FAQ, in no particular order, other than the order in which their
    contributions were found when looking to compile this list.

    Patrick Volkerding
    Keith Keller
    Alan Hicks
    ..
    ..
    Sylvain Robitaille
    --snip--

    And Realto/Roger/Rank/whatever he feels crunchy enough to name
    himself today has:



    Enough said.

    Two guys that have made commitments, where all you have is criticisms
    coming out of your arse.

    It's like breakfast; while the chicken participates, the pig is
    committed.

    So how do you take your eggs?

    BL.
    --
    Brad Littlejohn | Email: tyketto@sbcglobal.net
    Unix Systems Administrator, | tyketto@ozemail.com.au
    Web + NewsMaster, BOFH.. Smeghead! | http://www.wizard.com/~tyketto
    PGP: 1024D/E319F0BF 6980 AAD6 7329 E9E6 D569 F620 C819 199A E319 F0BF

  8. Re: Is This A Good Basic Firewall? -- Iptables

    Ed Wilson wrote:

    > Instead of cross-compiling you could install one of these as a
    > stepping stone. http://www.linux-mips.org/wiki/Distributions


    I think I looked at these already ... hang on ... no, not all of them,
    but many that I did look at seemed to assume the presence of a serial
    port on the Qube (rev 2 has; the one I have doesn't)

    > One advantage to setting up a cross-compiling environment is you could
    > use distcc to speed up compile times.


    If I have the cross-compiler installed on all the distcc systems,
    that is, correct? (yes, I think so, based on quickly skimming the
    distcc faq; that might not be appropriate for my own systems, but the
    system that I intend to install the cross-compiling environment on, one
    of these days, is quite fast.)

    > If you are using debian, gentoo or some other distro ...


    I'm a Slackware Snob (TM) ... that's the whole point of the project.

    --
    ----------------------------------------------------------------------
    Sylvain Robitaille syl@alcor.concordia.ca

    Systems and Network analyst Concordia University
    Instructional & Information Technology Montreal, Quebec, Canada
    ----------------------------------------------------------------------

  9. Re: Is This A Good Basic Firewall? -- Iptables

    +Alan Hicks+ wrote:
    > On 2007-11-26, Tom N wrote:
    >>> No, there is not. A default install of Slackware does indeed include
    >>> iptables. A default install of Slackware indeed does *NOT* include
    >>> any packet filter rules enabled by default. In other words, it
    >>> does not provide any "firewall" by default.

    >> That doesn't make much sense, considering how simple a basic firewall
    >> turns out to be.

    >
    > It makes perfect sense. If you want a distribution that will
    > immediately setup everything for you and give you the warm and fuzzies,
    > Slackware isn't for you.
    >
    > I'm going to disagree again with how "simple" a "basic" firewall is.
    > After all, just what is a "basic firewall" anyhow? Is it something to
    > give you a false sense of security on your desktop? Is it something to
    > prohibit any inbound traffic? Is it something to do port forwarding
    > and Network Address Translation? Hint: there is no such thing as a
    > "basic firewall". Every person has different needs, and a good bit of
    > people don't need any firewall at all. Hell, the majority of my
    > Slackware systems don't have any firewall rules loaded.
    >
    >> And how necessary the experts think it is.

    >
    > Just who are these so-called experts exactly? Are these the same
    > people that recommend a firewall for the simple reason that it is a
    > "security feature"? Do these experts even know what your LAN looks
    > like? Do they know if your system is behind another firewall? Do they
    > know what services if any you want to offer? Do they know if you want
    > to forward packets for nodes behind your machine? Beware anyone who
    > claims to be a "security expert". Most of these people are nothing but
    > marketing idiots with canned "solutions" in search of a problem.
    > Anyone who promises to give you a generic tool that will enhance your
    > security should be carefully scrutinized. Most of these people are
    > selling snake-oil, or hawking refrigerators to eskimos.
    >
    >> If a firewall is considered to be optional by Slackware, why not
    >> just leave iptables out of the basic install and save the diskspace?

    >
    > Good point! Let's ditch apache since it isn't turned on by default as
    > well. What about openvpn or samba, neither of which can be quickly
    > turned on because they lack a config file (samples however, are
    > provided)? X doesn't run by default, so we can throw it away, along
    > with xap/, kde/, and kdei/. Pretty soon we'll have Slackware back down
    > to a single CD, with source code!
    >
    > --
    > It is better to hear the rebuke of the wise,
    > Than for a man to hear the song of fools.
    > Ecclesiastes 7:5

    Good response Alan.

    Tom

  10. Re: Why Slackware? was ....

    On 2007-11-30, Tom N wrote:

    [...]

    > Okay. I don't know about this killfile stuff. I'm guessing that has something
    > to do with slrn's scorefile, which I haven't gotten into.
    >
    > I have no problem with just deleting the posts of trolls, and any replies
    > to their posts.


    There is a very /introductory/ section on slrn scoring on this page:

    http://people.aapt.net.au/~adjlstrong/slrn.html

    which would get you started. It is well worth setting up and gives you
    much greater control of your usenet experience IMHO.

    Andrew
    --
    "For the God who sings"
    http://people.aapt.net.au/~adjlstrong/ftgws.html

  11. Re: Is This A Good Basic Firewall? -- Iptables

    On 2007-11-28, Tom N wrote:

    [...]

    > I suggest that you leave the childish insults to creeps like realto
    > margarino.
    >
    > Unless you want to join him and his sock puppets and cronies
    > on 'my never read and never read any responses
    > to' list.
    >
    > I built Slackware 12.0 from a pile of files, which is something
    > that most people here couldn't do.
    >
    > That probably includes you.


    Oops! Turn to page xxi of the 2nd edition of 'Slackware Linux
    Essentials' and see who signed off the Preface.

    Andrew
    --
    "For the God who sings"
    http://people.aapt.net.au/~adjlstrong/ftgws.html

  12. Re: Why Slackware? was ....

    On 2007-12-01, andrew wrote:
    > On 2007-11-30, Tom N wrote:
    >
    > [...]
    >
    >> Okay. I don't know about this killfile stuff. I'm guessing that has something
    >> to do with slrn's scorefile, which I haven't gotten into.
    >>
    >> I have no problem with just deleting the posts of trolls, and any replies
    >> to their posts.

    >
    > There is a very /introductory/ section on slrn scoring on this page:
    >
    > http://people.aapt.net.au/~adjlstrong/slrn.html
    >
    > which would get you started. It is well worth setting up and gives you
    > much greater control of your usenet experience IMHO.
    >


    Thanks a lot, Andrew. I'll give it a read.

    Though I don't see how I can kill posts from people who change their
    names like a whore changes her panties.

    Is there any way, do you know, of marking posts for deletion from
    one's news spool? (I use slrnpull) Total deletion, so-to-speak?

    This is what got me thinking along those lines:

    # ; Set a mark at the current article.
    # , Return to previously marked article.
    # # Numerically tag article (for saving / decoding).
    # ESC # Remove all numerical tags.
    # * Protect article from catchup commands.
    # ESC 1 * Remove all protection marks.


    Tom

    --
    simpleman.s43
    That would be at gee male


  13. Re: Why Slackware? was ....

    Hello, Tom,

    You wrote on 01.12.07:

    > Is there any way, do you know, of marking posts for deletion from
    > one's news spool? (I use slrnpull) Total deletion, so-to-speak?


    That's no slackware problem. In your case it's an slrn problem, and
    there is at least one better fitting newsgroup for this problem.

    Best regards
    Helmut

    "Ubuntu" -- an African word, meaning "Slackware is too hard for me".


  14. Re: Why Slackware? was ....

    On 2007-11-30, Beej Jorgensen wrote:
    > Tom N wrote:
    >


    ....



    >> [Me: The Usenet is] A strange world. It obviously needs policing

    >
    > This is a very unpopular notion. There are a few moderated newsgroups,
    > though, where you only see what the moderator approves. Even if a
    > policed version showed up, a non-policed and very popular version would
    > spring up beside it.
    >


    Been thinking about this, Beej. Here's an idea:

    Have the people who run the newsservers maintain a database of names.
    Every name on the Usenet would be unique. If someone had it before,
    then you can't use it.

    Then, forbid people from using any name but the one they've been
    assigned.

    Sure, they could get multiple accounts, but I think those two measures
    would seriously cut back on trolling without infringing on anyone's
    privacy.

    Privacy is a good thing. A license to be a juvenile delinquent punk is not.

    .....

    What do you think?

    Tom


    --
    simpleman.s43
    That would be at gee male


  15. Re: Why Slackware? was ....

    Hello, Tom,

    You wrote on 01.12.07:

    > Have the people who run the newsservers maintain a database of names.
    > Every name on the Usenet would be unique. If someone had it before,
    > then you can't use it.


    Which slackware version?

    What? This theme is not related to slackware? Then go away.
    At least into my killfile.

    Best regards
    Helmut

    "Ubuntu" -- an African word, meaning "Slackware is too hard for me".


  16. Re: Is This A Good Basic Firewall? -- Iptables

    On Fri, 30 Nov 2007 22:12:43 +0000, Realto Margarino wrote:

    > Mark South says:
    >>On Fri, 30 Nov 2007 15:19:31 +0000, Realto Margarino wrote:

    >
    >>> You are being pedantic, and for no good reason.

    >
    >>

    >
    > Obviously you don't know what pedantic means.




  17. Re: Why Slackware? was ....


    On Sat, 1 Dec 2007, Tom N wrote:

    > Have the people who run the newsservers maintain a database of names.
    > Every name on the Usenet would be unique. If someone had it before,
    > then you can't use it.


    As a newsmaster I can assure you that will not and can not work because
    there is no central repository, not every news server carries every group,
    and those that do, don't have to accept or propagate to anyone they don't
    want to.

    >
    > Then, forbid people from using any name but the one they've been
    > assigned.



    It is possible, it's called a mailing list, which has a single 'command
    point'

    > Privacy is a good thing. A license to be a juvenile delinquent punk is not.


    Those that feel the need to hide who they are, generally are not doing so
    to avoid spam, it's because they are a ****ing wanker who wants to cause
    trouble.


    --
    Cheers
    Res



  18. Re: Why Slackware? was ....

    On 2007-12-01, Helmut Hullen wrote:
    > Hello, Tom,
    >
    > You wrote on 01.12.07:
    >
    >> Have the people who run the newsservers maintain a database of names.
    >> Every name on the Usenet would be unique. If someone had it before,
    >> then you can't use it.

    >
    > Which slackware version?
    >
    > What? This theme is not related to slackware? Then go away.
    > At least into my killfile.


    Jeesh Helmut! Have yourself a nice tall glass of schnapps and we'll talk
    about it when you are all relaxed.

    Tom



  19. Re: Why Slackware? was ....

    On 2007-12-01, Helmut Hullen wrote:
    > Hello, Tom,
    >
    > You wrote on 01.12.07:
    >
    >> Is there any way, do you know, of marking posts for deletion from
    >> one's news spool? (I use slrnpull) Total deletion, so-to-speak?

    >
    > That's no slackware problem. In your case it's an slrn problem, and
    > there is at least one better fitting newsgroup for this problem.


    So we can't discuss configuring applications that come with Slackware
    here?

    That leaves the kernel.

    All right everyone, from now on we only discuss the kernel.

    But it's a stock kernel, and not unique to Slackware at all.

    So I guess we just close up shop and go home.

    Nice knowing you all.


    Tom



    --
    simpleman.s43
    That would be at gee male


  20. Re: Is This A Good Basic Firewall? -- Iptables

    On Tue, 27 Nov 2007 23:12:37 +1000,
    Richard James wrote:

    > ...I do work as a computer technician and have
    > seen the results of drive-by spyware infections and worms on MS
    > Windows systems.


    Speaking of which, you might enjoy the following comic:

    http://xkcd.com/350/

    --
    Theodore (Ted) Heise Bloomington, IN, USA
