> filesystem. I also read about the LEAF cd and floppy configuration. But I
> want to install LEAF over a network where any changes in the network say
> I want to block access to a certain computer I would like to change the
> settings in leaf.cfg and save it on the harddisk.

Not in LEAF/Bering.  The place to do that is in IPTABLES on your SUSE
workstation system.  My rule set has a "blacklist" chain that drops all
packets coming or going to IP addresses/ranges that have tried too hard
to see what/who I am.

>     Now since LEAF is a distro how would I run it on SUSE? Is it by

You don't!  Why do you keep insisting to make Bering run under SUSE?
It doesn't!  "Distros" don't run in other distros, they run themselves.

>     installing a virtual machine like VMWARE or is there any other

Don't even go there!  There is little chance that the average script
kiddie or wannabe hacker would be able to penetrate Bering, though the
best ones out there probably could, if they thought your system were
worth the effort.  There is a huge advantage to running Bering on its
own box though.  If/when you notice unusual activity or behavior by the
Bering system, that it MAY have been compromised, you can immediately
hit the power-off button without messing up your workstation.  All you
lose is a connection.  If, as you should have done, your LEAF/Bering
is loaded from physically write-protected media, you can wait just a
few minutes to make sure RAM has been wiped, then power-on none the 
worse--episode over.

If you're running on a virtual machine, a) you can't power-off with
impunity, b) a compromised firewall virtual machine has SUSE's full
toolset on an accessible hard drive, and c) you can never be entirely
sure just how far the penetration got, so the whole system is suspect!

> Paul, you stated something about iptables specially for SUSE, how can LEAF
> be configured on SUSE.

For the last time, IT ISN'T!  

IPTABLES is a stateful packet filter built into the Linux kernel v2.4 &
above.  The iptables command is used to instruct it which packets are
allowed to pass, and which are thrown into the bit-bucket.  IPTABLES
is built into your SUSE-10.2 kernel, it's just a matter of providing it
with a good set of rules--some of the sets you'll find are much better
than others.  The ones I use are much tighter than many but don't impede
me.  And this is behind my Bering firewall!  For example, I don't allow
output to ports 81 or 8080.  These are often used by dodgy websites as
secondary "back channels", ET phoning home as it were.  Naughty,
naughty.
Bering can't know enough about what's going on in my workstation to
block some specific packets.  FTP is a problematic protocol.  If I want
to run FTP I can add appropriate rules to IPTABLES on the fly.  When I'm
done, remove them.  If I've visited somewhere with a browser that on the
sly is trying to download something, it gets dropped & logged, and I
find out.  Bering couldn't have known that at that specific time FTP
wasn't something I wanted happening.

It's not paranoia when they really ARE out to get you!

>    Thanking you. When I get this logical road block about LEAF away the
>    installation process is a bit easy.

Not until you understand how all the pieces fit together.  At this point
you're on your way to trouble.  Nothing is worse than a misplaced sense
of security.

> system rather than a dedicated box. You can get an old pentium with a
> CDROM and an ethernet card at Goodwill for under $40 and borrow

Depends on where he is.  (And Goodwill around here doesn't resell
donated systems anyway.)

> I can confirm, at least under VMWare Server, that this configuration
> works well.

That's a matter of opinion.  Not everything that CAN be done, SHOULD
be done.  ;-)

-- 
Paul Rogers
[EMAIL PROTECTED]
http://www.xprt.net/~pgrogers/
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)

        

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
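
An added example, not part of the original message or of Paul Rogers' own rule set: a sketch of the workstation rules the reply describes (a "blacklist" chain, outbound ports 81 and 8080 dropped and logged, FTP opened only on demand), printed in iptables-restore format so it can be checked before anything is loaded. The chain policies, the sample addresses, the log prefix, the treatment of port 21 and the function names are assumptions of this example.

```shell
#!/bin/sh
# Prints a rule set in iptables-restore format; it applies nothing itself.
# Check it as root with:  gen_ruleset | iptables-restore --test

# Constructed sample entries (documentation address ranges), not real offenders.
BLACKLIST="192.0.2.15 198.51.100.0/24"
# Outbound TCP ports dropped and logged: 81 and 8080 are named in the message;
# 21 (FTP control) is this example's reading of "FTP gets dropped & logged".
BLOCKED_OUT_PORTS="81 8080 21"

gen_ruleset() {
    echo "*filter"
    # Chain policies are an assumption; the message does not state them.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo ":blacklist - [0:0]"
    # The blacklist chain is consulted first, for traffic in both directions.
    echo "-A INPUT -j blacklist"
    echo "-A OUTPUT -j blacklist"
    for net in $BLACKLIST; do
        echo "-A blacklist -s $net -j DROP"
        echo "-A blacklist -d $net -j DROP"
    done
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"
    for port in $BLOCKED_OUT_PORTS; do
        # LOG does not end traversal, so the DROP that follows still applies.
        echo "-A OUTPUT -p tcp --dport $port -j LOG --log-prefix \"OUT-DROP-$port: \""
        echo "-A OUTPUT -p tcp --dport $port -j DROP"
    done
    echo "COMMIT"
}

# Prints the command that opens (on) or closes (off) outbound FTP control.
# Position 2 puts the ACCEPT after the blacklist jump but ahead of the DROP.
ftp_window() {
    case "$1" in
        on)  echo "iptables -I OUTPUT 2 -p tcp --dport 21 -j ACCEPT" ;;
        off) echo "iptables -D OUTPUT -p tcp --dport 21 -j ACCEPT" ;;
        *)   echo "usage: ftp_window on|off" >&2; return 1 ;;
    esac
}
```

With these policies the `on` rule is enough for passive-mode FTP only; active mode also needs the kernel's connection-tracking FTP helper so the server's data connection counts as RELATED.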
