Background: I recently built a Linux bridge-firewall using a minimal (w/no GUI) RH 7.3 install because there was a pre-compiled kernel that included the bridging code. (kernel-2.4.18-10brnf0.0.7.i386.rpm)
Everything is working great after two weeks of reading/learning (I'm a Windows programmer/admin). Now I see there is a security hole regarding the forward iptables chain (CAN-2003-0552 - Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host). I thought I'd eliminate security patching by not giving the interfaces any addresses, thereby limiting access to the box to only the physical terminal and having it be "invisible" to the outside (and inside for that matter), but this seems to circumvent that.

My questions are, and please remember you're talking to a newbie so be gentle. :)

Do I _need_ to apply the patched kernel? If so,

1. I haven't been able to find a clear explanation of what the various rpms do, i.e. I know what the kernel and -source patches are, but what's the purpose of the -BOOT, and _doc rpms and what do I do with them? I don't mind reading and learning if someone could point me in the right direction. 2+ days with Google has only left me a little more confused.

2. I noticed that quota-3.06-9.7.i386.rpm (RH) must be installed prior to patching the kernel; this seems to have something to do with hard disk quotas. Why would this need to be installed first if I don't use it?

3. Will it require me to re-compile the kernel with the latest bridging code? In other words, will it remove the existing bridging code? I thought you could update the kernel (-Uvh) to only apply the differences? I think I can figure out how to re-compile the kernel if necessary.... possibly. :)

Thanks in advance for any and all help.

Regards,
Ken

Ken Goods
Network Administrator
MIS Dept.
AIA Insurance, Inc.
111 Main Street
PO Box 538
Lewiston, ID 83501
Phone: 208-799-9023
Websites: http://www.cropusainsurance.com
Email: [EMAIL PROTECTED]
