Matt:

Heya. Some quick comments inline:

> > Sounds good! I haven't checked echoWall on Oxygen yet,
> > so good going.
>
> Thanks Scott, but they don't make it easy. There's no /etc/version
> or convenient uname switch so a script can determine what OS it's
> running on.

Gah. I was wondering about that. The only thing preventing echoWall from running on Oxygen is that it needs a different gatping binary. Which we have, sure. Trick is to install the right one, either when the package is first installed via "lrpkg -i" or when it detects that it's being run for the first time. That I know I can detect. But now I need to consider how to detect the glibc version...

> Well I wasn't sure what you were going to release.
> I took a look at your website and it seems like
> you're making good progress at echogent.com from the looks
> of things.

Heh. :) Our major release is on target for the end of the year. It's a "personal VPN" application called Kaboodle. It's designed to let average Internet users (ZDNet called them "the clueless" in a recent article; Dave Cinege's sobriquet for them was "idiots") create a peer-to-peer VPN connection without needing to know anything about IP addresses, never mind what their own is. The intent is to allow any TCP/IP app to tunnel across that connection, and so become point-to-point secure. Am starting with VNC, a personal favorite. It's a Windoze app, it's built in VC++, it's open source, and I'm working on the sourceforge website in my spare time (whatever that expression means, I cannot recall).

> > It's a BSD license, and gawd knows I learned most
> > of the basics from your rc.pf to begin with. :)
>
> Shucks. I don't know much from licenses, though.
> That's my brother's side of the family.

Here's how I keep them straight: there are basically two things an open-source license speaks towards: can the code be combined with non-open code; can modifications be taken private into closed apps. The GPL says no to both. The LGPL says yes to the first, no to the second. The BSD license says yes to both. Playing fast and loose here, but AFAIK that's a good rule of thumb(s).

> > Honestly I'm flattered that anyone's using it at all besides me...
>
> I'm not. You made it very well. It was cool of you to analyze
> all those inbound services and script them in the rules file. That
> looks like a neat hobby. Have you announced it for any other os or
> just for LEAF users? If you haven't, that's an awful lot of succinct
> data on inbound services to hide at LEAF.

Thanks! I should give it some more thought, perhaps release a more conventional tarball with a more conventional INSTALL script. Once I get the which-gatping-to-use issue settled, I should go for this.

> > Quick question: when you start it up, does it blow
> > away what was there by default, or will there be conflict?
>
> Yes it runs a global flush and clobbers any of the good work
> that Charles runs by default. Funny thing is, I always thought
> it was just called Dachstein, not Dachstein Firewall. Once I ran
> it, though, I realized that Charles had gone past a general router,
> hardened it, and added a lot of nice touches like dnscache, and load
> balancing. As I was near completion, I rolled it out for Dachstein,
> anyway. The ram-disk log partition is my favorite.

I've had to reboot my ES2B router once a month because of the firewall log filling the ramdisk...

> Got to code some Java now for a break. Btw, do you have any idea
> why a Nessus scan of my firewall would say that port 0 is open to
> udp and tcp in the form of a bonk attack? I have those ports blocked
> the usual way, so I'm thinking they're spurious report items.

I didn't know there was a usual way to block those. That is, I didn't think the stock ES2B firewall rules address the non-standard port-0. I should check "ipchains -ln" the next time I boot sans echoWall...

cheers,
Scott

_______________________________________________
Leaf-devel mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-devel