Re: [Cooker-firewall] shorewall
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alle 15:54, mercoledì 2 ottobre 2002, hai scritto: Alle 08:43, martedì 1 ottobre 2002, hai scritto: Hello, ... in that case, you should eventually use the public mandrake cvs ... try the firewall2 module ... eventually install the snf-en packages (in order to be able to test) and, maybe if you really want, you can have a look at this space-separated entries ... ok I'll take a look this WE ... what is the cotrrect CVS_ROOT to set ? cooker/ ? ok I have checked out firewall2 module and taken a look to the php dir. I made some minor changes and i'm substituing all occurrences of deprecated $HTTP_*_VARS[] with newer $_*[] superglobals. I'll search for the code that shold allow space-separated entries ... (do you already know about it ?!? ) IMHO the current code of the php frontend is not so robust, uses a lot of where ' were better, uses deprecated funtions and don't perform all the securiy and integrity checks it should be... may I have a CVS account and make these improvments ?!? Best Reguards - -- ?php echo Emiliano `AlberT` Gabrielli \n, E-Mail:\t\t [EMAIL PROTECTED] \n, \t\t [EMAIL PROTECTED] \n, Web:\t\t http://SuperAlberT.it \n\t\t http://www.totocom.net \n, IRC: \t\t #php,#AES irc.azzurra.com \n ICQ UIN: \t\t 158591185; ? -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9pDp/HT7fKa+io+URAnz/AKC0Fidib+f8qJSiq6MawKQ02qRDawCfehCp FtqphxVVucbUTsbPdAtHSIY= =BIGn -END PGP SIGNATURE-
Re: [Cooker-firewall] shorewall
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alle 08:43, martedì 1 ottobre 2002, hai scritto: Hello, ... in that case, you should eventually use the public mandrake cvs ... try the firewall2 module ... eventually install the snf-en packages (in order to be able to test) and, maybe if you really want, you can have a look at this space-separated entries ... ok I'll take a look this WE ... what is the cotrrect CVS_ROOT to set ? cooker/ ? - -- ?php echo Emiliano `AlberT` Gabrielli \n, E-Mail:\t\t [EMAIL PROTECTED] \n, \t\t [EMAIL PROTECTED] \n, Web:\t\t http://SuperAlberT.it \n\t\t http://www.totocom.net \n, IRC: \t\t #php,#AES irc.azzurra.com \n ICQ UIN: \t\t 158591185; ? -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9mvqTHT7fKa+io+URAm3/AKCI7Lg4Tg6TXhqUDXsr/gldnCxknwCfRjmw 9ljcFE7zB4IxsTaDZJrjTgo= =XwtH -END PGP SIGNATURE-
Re: [Cooker-firewall] shorewall
Emiliano 'AlberT' Gabrielli [EMAIL PROTECTED] writes: Alle 08:43, martedì 1 ottobre 2002, hai scritto: Hello, ... in that case, you should eventually use the public mandrake cvs ... try the firewall2 module ... eventually install the snf-en packages (in order to be able to test) and, maybe if you really want, you can have a look at this space-separated entries ... ok I'll take a look this WE ... what is the cotrrect CVS_ROOT to set ? cooker/ ? yes, cooker -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
Re: [Cooker-firewall] shorewall
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alle 15:07, venerdì 27 settembre 2002, hai scritto: PS: may I contribute in some way ? sure, with pleasure, do you speak XML/XSLT ? not at the same level of PHP, I just had played with XML. But I understand it quiet well - -- ?php echo Emiliano `AlberT` Gabrielli \n, E-Mail:\t\t [EMAIL PROTECTED] \n, \t\t [EMAIL PROTECTED] \n, Web:\t\t http://SuperAlberT.it \n\t\t http://www.totocom.net \n, IRC: \t\t #php,#AES irc.azzurra.com \n ICQ UIN: \t\t 158591185; ? -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9mIbZHT7fKa+io+URAmHcAJ0Zu3shD/H0EDyPwEGEBI/V+y55ZwCeNh0x XA6okVn6OmX46qkaXk4nfpw= =Wac3 -END PGP SIGNATURE-
Re: [Cooker-firewall] shorewall
Emiliano 'AlberT' Gabrielli [EMAIL PROTECTED] writes: Alle 13:56, giovedì 26 settembre 2002, hai scritto: + MNF only uses a web interface to configure shorewall ... it does not have + all the features that shorewall has ... due to some frontend/php + limitations. You cannot use space-separated lists, for example. But you Why couldn't one use space separated lists with web interface? because it's not possible with our tool ... XML+php ... I'll have to modify that at some point ... :o) uh ?? I don't understand the problem, I'm a good php-ist and nowaday I can find anything php can't really do... Is it a problem dued to you particular implementation ?!? the php code is automatically generated by xml ... The people that actually initiated the code sequence are not longer 'round ... and didn't have time to have a close look to that part of the code ... as simple as that. PS: may I contribute in some way ? sure, with pleasure, do you speak XML/XSLT ? have a nice day, -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
Re: [Cooker-firewall] shorewall
Radvánszki Gábor [EMAIL PROTECTED] writes: A possibly stupid question: what is in the firewall functionality of MNF that is different from Shorewall? To rephrase the question: If i read the shorewall's features, documentation at http://www.shorewall.net/, is there anything that MNF is not capable of, or works in a different way? Gabor Radvanszki aka Jbone Hungary Hello, MNF only uses a web interface to configure shorewall ... it does not have all the features that shorewall has ... due to some frontend/php limitations. You cannot use space-separated lists, for example. But you almost have everything ... And please consider that shorewall is moving quite often ... so it takes a little time to add the new shorewall features in MNF. But MNF has some other features as it's not a simple firewall (DHCP server configurations, some graphs, caching name server, squid proxy server with url/content filtering ... and other features) have a nice day, -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
Re: [Cooker-firewall] shorewall
On 26 Sep 2002, Florin wrote: + MNF only uses a web interface to configure shorewall ... it does not have + all the features that shorewall has ... due to some frontend/php + limitations. You cannot use space-separated lists, for example. But you Why couldn't one use space separated lists with web interface? -- - Dr. Denis Havlik http://MandrakeForum.com Mandrakesoft ||| e-mail: [EMAIL PROTECTED] Community (@ @)(private: [EMAIL PROTECTED]) --oOO--(_)--OOo- Our housekeeper doesn't do Windows and neither do WE! (L.P. Santuro)
Re: [Cooker-firewall] shorewall
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alle 13:56, giovedì 26 settembre 2002, hai scritto: + MNF only uses a web interface to configure shorewall ... it does not have + all the features that shorewall has ... due to some frontend/php + limitations. You cannot use space-separated lists, for example. But you Why couldn't one use space separated lists with web interface? because it's not possible with our tool ... XML+php ... I'll have to modify that at some point ... :o) uh ?? I don't understand the problem, I'm a good php-ist and nowaday I can find anything php can't really do... Is it a problem dued to you particular implementation ?!? PS: may I contribute in some way ? - -- ?php echo Emiliano `AlberT` Gabrielli \n, E-Mail:\t\t [EMAIL PROTECTED] \n, \t\t [EMAIL PROTECTED] \n, Web:\t\t http://SuperAlberT.it \n\t\t http://www.totocom.net \n, IRC: \t\t #php,#AES irc.azzurra.com \n ICQ UIN: \t\t 158591185; ? -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9kxsxHT7fKa+io+URAsbyAJ4/cjKnMkwnzypOMlMgJxWwEHMz5QCfb5tG J+uG8vIVPQJ2V7UZHn0GfAU= =vm0f -END PGP SIGNATURE-
Re: [Cooker-firewall] Shorewall setup
[EMAIL PROTECTED] writes: Hello, Concerning the default config of shorewall, I suggest that the default rule for wan-all is set to DROP rather than REJECT. I think it's better in term of security (ref. Linux firewalls by R.L. Ziegler). I know that ... this could be done indeed ... The standard sonfiguration is not the most secure one ... nut one has the possibility to restrict even more the firewall policies, rules. In the same spirit, for boxes connected by ADSL or dial-up (and perhaps ISDN but I don't know), I suggest that the interface defined for wan is set up to ppp+. By experience, I've started by using eth1 (where is connected by ADSL modem) and spent some time to find why my connection was not working. it's in the online docs though ... but this could be also feasable. thx for your thoughts, have a nice day, -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
Re: [Cooker-firewall] Shorewall setup
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alle 15:18, giovedì 22 agosto 2002, hai scritto: Concerning the default config of shorewall, I suggest that the default rule for wan-all is set to DROP rather than REJECT. I think it's better in term of security (ref. Linux firewalls by R.L. Ziegler). I know that ... this could be done indeed ... The standard sonfiguration is not the most secure one ... nut one has the possibility to restrict even more the firewall policies, rules. I think the default configuration for a FW should be the most secure !! We are not talking about a distro for desktop, it must be secure by default ! - -- ?php echo Emiliano `AlberT` Gabrielli \n, E-Mail:\t\t [EMAIL PROTECTED] \n, \t\t [EMAIL PROTECTED] \n, Web:\t\t http://SuperAlberT.it \n\t\t http://www.totocom.net \n, IRC: \t\t #php,#AES irc.azzurra.com \n ICQ UIN: \t\t 158591185; ? -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9ZLpsHT7fKa+io+URAh7JAJwPycftrktIofEPJefsk/6UISFtoQCffyBd XGQH4HLF/Ghj3aV/zyh7Rfk= =EsUg -END PGP SIGNATURE-