-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Burke, Thomas G. wrote:
| I've thought about that, but really, my firewall only allows
| connection to ssh, sendmail, and http, so there's not a lot to worry
| about security-wise.  I don't feel like having to learn something
| besides ipchains, since I've got that working good.  As long as I can
| keep it updated to a certain point, I'm sure that's OK, unless you
| can give me a compelling reason to install a newer version.

Tom,

Just because you've firewalled other services does *not* mean you're safe
from attacks. There have been recent exploits to ssh and http which need to
be considered as well which a simple ipchains firewall will not protect
from. A firewall only blocks connections to undesired ports and from certain
source IPs if you take it that far. Your due diligence on keeping your
machine up to date takes care of the rest. Unless you're willing to take
over the updates once Red Hat has stopped supporting it (by downloading and
compiling the source yourself), you're doomed for vulnerability once
something is discovered and Red Hat no longer provides a fix for your version.

7.3 and 8.0 both still support ipchains. 7.3's lokkit uses it by default,
8.0 moved to iptables, but still supports ipchains if you want it. Benefits
for moving up to a newer version (7.3 or 8.0) are the use of a recent 2.4.x
kernel which is going to noticeably improve performance over the older 2.2.x
kernels. Other improvements are newer (and feature enhanced) packages over
the 6.x platforms.

Reasons to learn iptables, however, would be the capability for stateful
inspection vs. simple packet filtering, and greater flexibility in chain
rules. You'll find the similarities astonishing and quite simple to adapt to.

Resistance to change will only be a hindrance in the end.

HTH,
- -Rick
- --
Rick Johnson, RHCE - [EMAIL PROTECTED]
Linux/WAN Administrator - Medata, Inc.
PGP Public Key: https://mail.medata.com/pgp/rjohnson.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Signed and/or encpryted for everyone's protection.

iEYEARECAAYFAj3+EIEACgkQIgQdhlSHZgM+yACfbNXK5l+mGLeVs16x9JobolFR
654AnjT6AUimghrXH3uRdSMtqCf2rmhL
=ipEJ
-----END PGP SIGNATURE-----



--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
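
Added example, not part of the original message: the inbound policy from the thread (ssh, sendmail, http) written once as stateless ipchains rules and once as stateful iptables rules, to show the difference Rick describes. The helper `run`, the `APPLY` switch, the function names and the DNS rule are assumptions made for this illustration; by default the script only prints the commands.

```shell
#!/bin/sh
# Prints the rules by default; set APPLY=1 and run as root to execute them.
PORTS="22 25 80"   # ssh, sendmail (smtp), http, as named in the thread

# Hypothetical helper: echo the command unless APPLY=1 is set.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# ipchains (2.2.x kernels): each packet is judged on its own headers.
stateless_ipchains() {
    run ipchains -P input DENY
    run ipchains -A input -i lo -j ACCEPT
    for p in $PORTS; do
        run ipchains -A input -p tcp -d 0/0 "$p" -j ACCEPT
    done
    # Replies to outbound TCP: with no connection table, every TCP
    # packet without the SYN flag has to be let in, whatever its origin.
    run ipchains -A input -p tcp ! -y -j ACCEPT
    # Assumed for illustration: the host resolves names, so UDP from
    # source port 53 must be accepted from any address.
    run ipchains -A input -p udp -s 0/0 53 -j ACCEPT
}

# iptables (2.4.x kernels): the state match consults the connection table.
stateful_iptables() {
    run iptables -P INPUT DROP
    run iptables -A INPUT -i lo -j ACCEPT
    # Only packets belonging to a connection this host already knows
    # about are accepted as replies; this replaces both broad rules above.
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for p in $PORTS; do
        run iptables -A INPUT -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
}

stateless_ipchains
stateful_iptables
```

Neither rule set inspects the traffic it admits on ports 22, 25 and 80, so the daemons behind those ports still depend on vendor updates, which is the point made in the reply above.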