Sorry, I thought that my feelings on Rob Zeigler's firewall tool
were quite well known on the list. But for the benefit of those
who are just joining us, here is a brief synopsis:

1) The scripts are bloated with a lot of unneeded crap that can
lead to exploits
2) In his book, Rob admits "I don't know what these lines do or
mean, so just leave them in"
3) The scripts are poorly organized with a lot of redundancy
4) The first part of the script contains code to inject values
into /proc, which should be in a completely different, unrelated
script.
5) The scripts (and the tool itself) are stringent and only allow
for the most basic of operations.

Basically, this entire thread is a perfect example of why I
dislike Rob's tool. There are lines of code that allow for port
forwarding of traffic to the internal network for no good reason.
This is a MAJOR security hole in the script. Why would you want
traffic from the outside forwarded to the internal network if
there is no service on the inside that you want public?

Kenny

Dave Seidel wrote:
>
> That's not a very helpful statement. Care to share with
> us *why* you wouldn't trust the script, or should we just
> take your word for it?
>
> -- Dave
>
> On Tue, 15 Aug 2000 12:00:34 -0400, Kenneth E. Lussier said:
>
> > Linux-firewall-tools.com is Rob Zeigler's website. I wouldn't
> > trust my system to be protected by that script.