If you read what I wrote one more time you can see that I never denied that
fact.
/P
On 2002-03-27 09:35, Clifford Thurber revealed:
CT I believe the BSD ipfilter *is* stateful.
CT
CT At 08:42 AM 3/27/2002 +0100, The Pal / Patrik Bodin wrote:
CT On 2002-03-27 10:30, Peter Trifonov revealed:
CT
Well, so far there are 3 mainstream firewall packages
for BSD (that ship with the OS).
IPFW (ip firewall)
IPF (ip filter)
PF (packet filter)
IPFW comes with FreeBSD.
IPF runs on any BSD (Free,Net,Open*,BSD/OS)
PF comes with OpenBSD.
My own taste would be ipf, but I really like some of
the
Care to explain your statement?
You can't make it do the _same_ stateful inspection
as the PIX does, and you
can't make it achieve the same prestanda without
using a more powerful machine,
Hi all,
I had a bit of an unnerving experience last week and just wondered if
anyone else had seen this ..
We lost a Nokia IP440 (hard disk failure !). Failover worked fine but I had
to replace the primary box.
While installing the new primary I had some switch problems that prevented
me
-BEGIN PGP SIGNED MESSAGE-
Cisco Security Advisory: LDAP Connection Leak in CTI when User Authentication
Fails
Revision 1.0
For Public Release 2002 March 27 17:00 UTC
- ---
Contents
Summary
Affected
Here's how to unsubscribe:
First, ask your Internet Provider to mail you an Unsubscribing Kit.
Then follow these directions.
The kit will most likely be the standard no-fault type. Depending on
requirements, System A and/or System B can be used. When operating
System A, depress lever and a
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 28, 2002 3:02 PM
To: [EMAIL PROTECTED]
Subject: Firewalls digest, Vol 1 #623 - 8 msgs
Send Firewalls mailing list submissions to
[EMAIL PROTECTED]
To subscribe or unsubscribe via the
There is something called ipmasqadm; it's an RPM. I am currently using it to
redirect port 3306 (mysql) to an internal server with a non-routable IP. I am
doing it on SuSE Linux. I am using ipchains :) but I think you can do it
with iptables; should be a breeze.
this is my current rule for
Hi guys
Am I correct in saying the PIX series firewalls do not integrate with
LDAP themselves, rather, they can use a Cisco Secure Access Control
Server, which in turn integrates with an LDAP server, right?
Cheers
Pieter
Scott Adamson wrote:
---8---
#/sbin/modprobe ip_conntrack
---8---
#/sbin/modprobe iptable_nat
---8---
From Robert Ziegler's Book, page 278:
Connection Tracking and NAT automatically reverse the translation for
packets returning from the server.
Since the RH kernel is modular
Daniel Crichton wrote:
I did already have fixup protocol ftp 21 on the PIX, although I don't
run any ftp servers. It seems that this is a default on a new box. I tried
disabling this, and now I can ftp to the hosting provider.
This might be the result of the add another layer of toilet
On 28 Mar 2002 at 15:31, Mikael Olsson wrote:
If passive mode starts working when you disable the ftp fixup,
I'd suspect something along these lines. But you shouldn't
be allowing active FTP to your clients anyway -- bad security
practice.
I know :) I don't allow incoming connections to
Daniel Crichton wrote:
But disabling [ftp pixups] also stops me from allowing active
FTP should I need to set up my own FTP server - not
necessarily a bad thing though.
Well, the flip side of the coin is that, for servers, active mode
is the better one, security-wise, and passive mode is
I would put a fresh copy of IPSO back on the box to be sure everything is
ok. If you continue having these problems, you should be able to have IPSO
check for bad blocks (never tried it, but can't imagine why you could not)
and get another new drive. Sounds like you have hardware support for the
The squid transparent proxy howto describes this in some detail.
http://www.linuxdoc.org/HOWTO/mini/TransparentProxy.html
David Bronson
Martin Peikert writes:
Scott Adamson wrote:
---8---
#/sbin/modprobe ip_conntrack
---8---
#/sbin/modprobe iptable_nat
---8---
still waiting :)
Just wondering where you are going with this.
--- bob bobing [EMAIL PROTECTED] wrote:
Care to explain your statement?
You can't make it do the _same_ stateful
inspection
as the PIX does, and you
can't make it achieve the same prestanda without
using a more powerful
16 matches