Shlomi Fish wrote:
The firewall configuration is in /var/lib/iptables/active. It is in the format stored by "iptables-save", except it has comments on the rules. Doing /etc/init.d/iptables reload loads a new policy. However, if what you are going to do is to temporary open a port, please just use "iptables" to open the port, and /etc/init.d/iptabels reload to return to the saved policy.Hi all!
Sometimes I have to download and install programs for source on iglu.org.il. That was the case for MediaWiki. What I did was wget the file from vipe.technion.ac.il (which has a fast connection) and then scp it to eskimo. This is quite of a kludge. Is there any way to temporarily open an outgoing port, so I can download it from there, and then closing it?
( YI, MediaWiki is not in Debian Stable. )
BTW, it seems that I have no idea where the firewall configuration is found? Can anyone elaborate on it?
Regards,
Shlomi Fish
THAT SAID, please rethink your policy. One of the reasons this particular security measure was put in place was to stop people from carelessly adding, downloading, running and otherwise modifying the machine's configuration. By having an easy workaround, you are effectively neutralizing this security measure.
Can you please give the machine's admins a complete list of all the packages installed from source, their versions, and the homepages for each of them? As far as sane security policy goes, this list is a prerequisite of installing ANYTHING outside of the updated apt-sources. I don't feel it exists at the moment.
Shachar
-- Shachar Shemesh Lingnu Open Source Consulting ltd. http://www.lingnu.com/
