I think ipchains is disabled in the kernel anyway.
So I can't use it or ipfwadm.

Only the option for IPTables I guess

-----Original Message-----
From: Jobst Schmalenbach [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 5 July 2001 2:51
To: [EMAIL PROTECTED]
Subject: Re: [SLUG] Help on Nessus


On Thu, Jul 05, 2001 at 11:18:35AM +1000, Crossfire ([EMAIL PROTECTED]) wrote:
> Booth, Christopher (Aus) - ATP was once rumoured to have said:

[snip]

> For firewalling, first learn about the IP protocol.  TCP/IP
> Illustrated by W.R. Stevens is still the best reference on the
> protocol.  Then you should start learning about how packet filters
> work, and then you should start working out how to use packetfilters
> to limit communications.  I recommend starting with ipf or ipchains,
> and only switching to iptables once you've gotten used to using
> ipchains.

What you said at the start is perfect, yet I disagree with what you said
about ipchains/iptables (or gosh does this end up in a discussion aka
learn pascal first then learn C ??? hehehehehe).

IMHO ipchains teaches you "wrong things", e.g. the way packets flow.
  * Iptables has routing built in which makes a decision where
    packets go, not interfering with the input chain.
  * In iptables the log target is better than the log rule.
  * Iptables has the reject target with rules how to reject (icmp)
    which is nonexistent in ipchains.

I would go straight to iptables, skipping ipchains.
When I started using iptables I had a few questions, amongst them
"why have two similar packages". Rusty (the maker of ipchains) answered
that ipchains will be phased out; if you already have ipchains you
can stick with it for a while, but if you are new go with iptables.

jobst




PS: (I went straight to C ;-)), skipping pascal)


-- 
Goldwaithe's lemma of Murphy's third law:  The line in which you are waiting
is always the slowest.  If you move, the line you move to stops.  If you
move back, both lines stop, and everyone is angry with you.

|            __, Jobst Schmalenbach, [EMAIL PROTECTED], Technical Director|
|  _ _.--'-n_/   Barrett Consulting Group P/L & The Meditation Room P/L   |
|-(_)------(_)=  +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia|

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
