Hi George,

Cool - I will start playing with this as soon as I get some spare time.
:-)

As for ipchains and ipfwadm - bugger it.  If we are going to make the
leap to a 2.4.x kernel, then I say we should also make the leap to a
true iptables stateful firewall configuration too.

I'm definitely interested in the updating work currently being done to
the Eigerstein 2 Beta image, and would be more than happy to contribute
where and when I can.  Unfortunately, I am a bit tied down at the moment
so am finding it difficult to find the time to apply to lrp.  I'm
looking at rearranging my time so I sleep less and play more, but I may
take some convincing on that.

Regards,
Hilton

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:leaf-devel-
> [EMAIL PROTECTED]] On Behalf Of George Metz
> Sent: Friday, 20 April 2001 4:58 PM
> To: [EMAIL PROTECTED]
> Subject: [Leaf-devel] Patched kernel 2.4.3 (about to be) available.
> 
> Okay gang, got the FTP security patch from the Netfilter boys and applied
> it. Kernel is compiled and I'm about to tar and gzip it. I also took the
> opportunity to go weeding.
> 
> The final result is as follows:
> 
> 1. Kernel is no longer able to mount filesystem images on the loopback
>    device.
> 2. There is no longer a PCI Device Database, so PCI devices are listed in
>    /proc/pci by card ID.
> 3. The Network Block Device was removed, as I couldn't really see a need
>    for it on a secure system.
> 4. Modularized serial support.
> 
> Some of these are a little questionable in my own mind, to be honest, so
> I'd like some feedback from people on whether or not the tradeoff is
> acceptable. However, the final results are impressive. Here's the previous
> Standard and UPX-Compressed 2.4.3 kernels:
> 
> -rw-r--r--   1 wolfstar root         552k Apr 11 03:45 kernel.standard
> -rw-r--r--   1 wolfstar root         481k Apr 11 03:46 kernel.upx
> 
> Here's the current one:
> 
> -rw-r--r--   1 wolfstar root         474k Apr 20 02:38 kernel.standard
> -rw-r--r--   1 wolfstar root         411k Apr 20 02:39 kernel.upx
> 
> So we're looking at about 70-75k of space savings, and that's TRULY
> spectacular. I might go back in and try putting back the Serial support
> and see how that affects kernel size, but this is a LOT of space saving.
> 
> On another note, I was also going to add the ipchains and ipfwadm
> compatibility modules, but I discovered that that would require building
> the default conntrack module and the iptables module AS modules, instead
> of built in.
> 
> --
> George Metz
> Commercial Routing Engineer
> [EMAIL PROTECTED]
> 
> "We know what deterrence was with 'mutually assured destruction' during
> the Cold War. But what is deterrence in information warfare?" -- Brigadier
> General Douglas Richardson, USAF, Commander - Space Warfare Center
> 
> 
> _______________________________________________
> Leaf-devel mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/leaf-devel

