Shlomi Fish wrote:
On Friday 13 August 2004 08:54, Shachar Shemesh wrote:
Shlomi Fish wrote:
Hi all!
Sometimes I have to download and install programs for source on iglu.org.il. That was the case for MediaWiki. What I did was wget the file from vipe.technion.ac.il (which has a fast connection) and then scp it to eskimo. This is quite of a kludge. Is there any way to temporarily open an outgoing port, so I can download it from there, and then closing it?
( YI, MediaWiki is not in Debian Stable. )
BTW, it seems that I have no idea where the firewall configuration is found? Can anyone elaborate on it?
Regards,
Shlomi Fish
The firewall configuration is in /var/lib/iptables/active. It is in the format stored by "iptables-save", except it has comments on the rules. Doing /etc/init.d/iptables reload loads a new policy. However, if what you are going to do is to temporary open a port, please just use "iptables" to open the port, and /etc/init.d/iptabels reload to return to the saved policy.
THAT SAID, please rethink your policy. One of the reasons this particular security measure was put in place was to stop people from carelessly adding, downloading, running and otherwise modifying the machine's configuration. By having an easy workaround, you are effectively neutralizing this security measure.
Can you please give the machine's admins a complete list of all the packages installed from source, their versions, and the homepages for each of them? As far as sane security policy goes, this list is a prerequisite of installing ANYTHING outside of the updated apt-sources. I don't feel it exists at the moment.
Well, I need:
1. A CPAN mirror. (if iglu.org.il is OK, I can use ftp://ftp.iglu.org.il/)
2. A sourceforge mirror.
3. A GNU mirror.
Why don't you make the list I talked about, first?
Also, very soon Debian Sarge is going to have security updates. When that happens, I have no objection to moving eskimo to sarge, and helping Debian with finalizing the distro.
Shachar
-- Shachar Shemesh Lingnu Open Source Consulting ltd. http://www.lingnu.com/
