On Thu, Nov 02, 2000 at 12:18:16PM +0000, Thomas Ribbrock wrote:
> On Wed, Nov 01, 2000 at 06:16:53PM -0500, Michael H. Warfield wrote:
> > That's a feature of netfilter. Netfilter is standard for the
> > 2.4 kernels and available as a patch for 2.2 kernels. It is not a feature
> > of ipchains.
> Out of interest: Is that a fully fledged state-keeping filter then?
> (i.e. all protocols, not only TCP)
By "all protocols" I assume you mean ICMP and UDP? Yes...
I'm not quite sure how that's going to work with protocol 50
(ESP), but I'm going to find out. Since ESP (AKA IPSec) does its own
authentication, I would hope that once the connection is established
there would be no need for timeouts, like in the UDP and ICMP case.
> I'm just curious, as I just switched my little home network firewall
> from RHL to OpenBSD and I was pleasantly surprised by the ease with
> which you can set up a firewall with IP Filter, including state-keeping
> and all.
Now if OpenBSD itself were just a little less arcane to set up.
I've found too many ways to panic the kernel (OpenBSD 2.6) just by
twiddling with IPSec. (Don't set it up if you are not ready to run it
or FULLY configure it or you will be saying HELLO! to single user mode
while you fix it).
> Cheerio,
> Thomas
> --
> "Look, Ma, no obsolete quotes and plain text only!"
>
> Thomas Ribbrock | http://www.bigfoot.com/~kaytan | ICQ#: 15839919
> "You have to live on the edge of reality - to make your dreams come true!"
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list