On Thursday 09 August 2001 09:45 am, Rafael 'Dido' Sevilla wrote:
> On Wed, Aug 08, 2001 at 10:23:59PM +0800, Miguel A.L. Paraz wrote:
> > One minor nit I have with RH 7.1. Since it's running kernel 2.4.x, why
> > are they using ipchains and not iptables for the default firewall config?
> > Is there a hidden reason?
>
> Boss, I've heard there are still some security-related bugs with using
> iptables in 2.4.2 (which is what 7.1 ships with). Maybe the folks at
> Red Hat would like to wait until these bugs are ironed out before they
> make it the default firewalling method.

Actually, there is a nasty bug in the implementation of the RELATED feature
in the iptables FTP stateful inspection implementation on the kernel 2.4.0
through 2.4.3 (bugtraq id 2602). RedHat 7.1 was released with 2.4.2. They
have since fixed it with another kernel release. I would hazard a guess
that this is the probable reason for pushing ipchains. If you plan on using
RedHat 7.1, don't use their stock kernel.

The netfilter developers released a patch to fix it though. You can get this
patch at http://netfilter.samba.org. You can also get the newer kernels from
kernel.org.

BTW, RedHat, like most other distros, does release updates to fix problems in
their distro. In fact, there are quite a few right now, under their
Securities Advisories section of the download page for 7.1. (There is a much
longer list for 7.0 though :-)
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph