Bug#339865: marked as done (harden-doc: don't ship notes on iptables frontends which will likely get out-of-date fast)

Fri, 31 Mar 2006 14:58:47 -0800 

Your message dated Fri, 31 Mar 2006 14:32:52 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#339865: fixed in harden-doc 3.5
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: harden-doc
Version: today's CVS
Severity: wishlist
Tags: patch


Hi,

The list of iptables frontends in the Securing Debian Manual is getting
out of date fast.  I guess it's better to maintain such a list on a
wiki.  (See also
http://lists.debian.org/debian-firewall/2005/10/msg00045.html .) I've
copied the volatile stuff to the Firewalls page on
http://wiki.debian.org/Firewalls.  Attached patch removes it from the
manual, and adjusts the surrounding text to refer to the Wiki.

Bye,

Joost



--- services.sgml.orig  2005-11-19 12:37:00.571383340 +0100
+++ services.sgml       2005-11-19 13:08:20.299186702 +0100
@@ -1571,54 +1571,19 @@
 <em>personal firewall</em>) and some are more versatile and can be
 used to configure complex rules to protect whole networks.
 
-<p>Some software that can be used to set up firewall
-rules in a Debian system is:
-
-<list>
-<item><package>firestarter</package>, a GNOME application oriented
-towards end-users that includes a wizard useful to quickly setup
-firewall rules. The application includes a GUI to be able to monitor
-when a firewall rule blocks traffic.
-<item><package>fwbuilder</package>, an object oriented GUI which
-includes policy compilers for various firewall platforms including
-Linux' netfilter, BSD's pf (used in OpenBSD, NetBSD, FreeBSD and 
-MacOS X) as well as router's access-lists. It is similar to enterprise
-firewall management software. Complete fwbuilder's functionality is
-also available from the command line.
-<item><package>shorewall</package>, a firewall configuration tool
-which provides support for IPsec as well as limited support for traffic 
-shaping as well as the definition of the firewall rules. Configuration
-is done through a simple set of files that are used to generate the
-iptables rules.
-<item><package>guarddog</package>, a KDE based firewall configuration
-package oriented both to novice and advanced users.
-<item><package>knetfilter</package>, a KDE GUI to manage firewall
-and NAT rules for iptables (alternative/competitor to the guarddog tool
-although slightly oriented towards advanced users).
-<item><package>bastille</package>, this hardening application is
-described in <ref id="automatic-harden">. One of the hardening steps
-that the administrator can configure is a definition of the allowed and
-disallowed network traffic that is used to generate a set of firewall
-rules that the system will execute on startup.
-<item><package>mason</package>, an application which can propose
-firewall rules based on the network traffic your system "sees".
-<item><package>ferm</package>
-<item><package>lokkit</package> or <package>gnome-lokkit</package>
-<item><package>ipac-ng</package>, helps setup not traditional firewall
-rules but network traffic classification rules.
-<item><package>filtergen</package>
-<item><package>fiaif</package>
-<item><package>hlfl</package>
-<item><package>kmyfirewall</package>
-<item><package>netscript-2.4</package>
-</list>
-<!-- No longer available :
-fwctl 
-fireflier
-easyfw
-firewall-easy
-gfcc
--->
+<p>A (presumably pretty up to date) list of iptables-frontends in Debian is
+maintained at the <url id="http://wiki.debian.org/Firewalls"; name="Firewalls
+page on the Debian wiki">.  Some of the popular packages that can be used to
+set up firewall rules in a Debian system are <package>ferm</package>,
+<package>firehol</package>, <package>firestarter</package>,
+<package>fwbuilder</package>, <package>guarddog</package>,
+<package>ipmenu</package> and <package>shorewall</package>.
+
+<p>A special one is <package>bastille</package>: this hardening application is
+described in <ref id="automatic-harden">. One of the hardening steps that the
+administrator can configure is a definition of the allowed and disallowed
+network traffic that is used to generate a set of firewall rules that the
+system will execute on startup.
 
 <p>Notice that some of the packages outlined previously will
 introduce firewalling scripts to be run when the system boots.
@@ -1629,7 +1594,7 @@
 (which might not be what you pretend). Consult the package
 documentation and use either one of these setups. 
 
-<p>As mentioned before, some programs, like <package>firestarter</package>, 
<package>guarddog</package>
+<p>Some programs, like <package>firestarter</package>, 
<package>guarddog</package>
 and <package>knetfilter</package>, are administration GUIs using either GNOME 
or KDE 
 (last two). These applications are much more user-oriented 
 (i.e. for home users) than some of the other packages in the list

Attachment: signature.asc
Description: Digital signature


--- End Message ---
--- Begin Message --- 
Source: harden-doc
Source-Version: 3.5

We believe that the bug you reported is fixed in the latest version of
harden-doc, which is due to be installed in the Debian FTP archive:

harden-doc_3.5.dsc
  to pool/main/h/harden-doc/harden-doc_3.5.dsc
harden-doc_3.5.tar.gz
  to pool/main/h/harden-doc/harden-doc_3.5.tar.gz
harden-doc_3.5_all.deb
  to pool/main/h/harden-doc/harden-doc_3.5_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]> (supplier of updated 
harden-doc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 30 Mar 2006 23:42:12 +0200
Source: harden-doc
Binary: harden-doc
Architecture: source all
Version: 3.5
Distribution: unstable
Urgency: medium
Maintainer: Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]>
Changed-By: Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]>
Description: 
 harden-doc - Useful documentation to secure a Debian system
Closes: 335104 339865 340535 342152 348851 359840
Changes: 
 harden-doc (3.5) unstable; urgency=medium
 .
   * Updated to latest CVS version (3.5):
      - Patch from Joost van Baal improving the information on the firewall
        section (pointing to the wiki instead of listing all firewall packages
        available) (Closes: #339865)
      - Fix some  typos (Closes: #342152, #340535)
      - Provides new Makefile which builds with latest make version (Closes: 
#359840)
      - Use the quote from the Social Contract 1.1 instead of 1.0 as suggested
      by Francesco Poli. (Closes: #335104)
      - Included a patch from Thomas Sjögren which describes that
        'noexec' works as expected with "new" kernels, adds information
        regarding tempfile handling, and some new pointers to external 
documentation.
      - Add a pointer to Dan Farmer's and Wietse Venema's forensic discovery web
        site, as suggested by Freek Dijkstra, and expanded a little bit the 
forensic
        analysis section with more pointers.
      - Fixed URL of Italy's CERT, thanks to Christoph Auer.
      - Reuse Joey Hess' information at the wiki on secure apt and introduce it
        in the infrastructure section.
      - Review sections refering to old versions (woody or potato)
      - Fix some cosmetic issues with patch from Simon Brandmair.
      - Included patches from Carlo Perassi: acl patches are obsolete,
        openwall patches are obsolete too, removed fixme notes about 2.2 and 2.4
        series kernels, hap is obsolete (and not present in WNPP), remove
        references to Immunix (StackGuard is now in Novell's hands), and fix a
        FIXME
      - Updated references to SElinux web pages to point to the Wiki (currently
        the most up to date source of information)
      - Include file tags and make a more consistent use of "MD5 sum" with a
        patch from Jens Seidel.
      - Review the FAQ section on vulnerability stats, thanks to Carlos
        Galisteo de Cabo for pointing out that it was out of date. (Closes: 
#348851)
      - German tranlsation update
      - French translation update
Files: 
 eba05804b53184548d6ebbe724d9abf0 781 doc extra harden-doc_3.5.dsc
 e8d0676b72f2b08d9791e17b89c43cb1 1168433 doc extra harden-doc_3.5.tar.gz
 b9b9a5afdf2dc12f70d698f35ecdb82e 4430854 doc extra harden-doc_3.5_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iQCVAwUBRCxXJftEPvakNq0lAQJCQQQAgec03l3OiliVjbrHNDDDQ2F1A09ptN0U
ZewAW9T56GK6TupUNJy9EPbiSA1asnEJF940tvr5WFe99lyhuEHx7GcwMVbik2U6
JHSNKIbFc/nfX/hDK0vr76ofA8nUKirRxRwyNQ6UFtOn8n/pE9oZV63SD6L1+MVs
az5AEgY0VrY=
=NbAf
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to