On Thu, Dec 12, 2002 at 04:18:17PM -0500, Raymond Wood wrote:
There have been several responses to Yogesh's question, but none
of them provide a clear and straightforward answer.
Ok. Let me try again: this is a security risk.
A gateway firewall _needs_ to be setup the following way:
0.-
On Thu, 12 Dec 2002 at 01:07:48PM -0800, Jeremy A. Puhlman wrote:
Actually that seems to be a highly secure firewall...Firewalls with no power cannot
be compromised via the network:-)
Wake on Lan? :)
--
Phil
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O -
On Fri, Dec 13, 2002 at 09:25:02AM +0100, Javier Fern?ndez-Sanguino Pe?a wrote:
On Thu, Dec 12, 2002 at 04:18:17PM -0500, Raymond Wood wrote:
There have been several responses to Yogesh's question, but none
of them provide a clear and straightforward answer.
Ok. Let me try again: this is
On Fri, Dec 13, 2002 at 05:17:09PM +0200, Pavel Minev Penev wrote:
/etc/network/interfaces
pre-up
I know you can do it there. Unfortunately, firewall packages in
debian (even ones I have packaged) do not do this properyl (yet).
Regards
Javi
On Thu, Dec 12, 2002 at 01:07:48PM -0800, Jeremy A. Puhlman wrote:
Actually that seems to be a highly secure firewall...Firewalls with no power
cannot
be compromised via the network:-)
Neither can this one:
http://www.ranum.com/pubs/a1fwall/
:)
Javi
pgprCjwQ1Z3Sc.pgp
On Thu, Dec 12, 2002 at 04:18:17PM -0500, Raymond Wood wrote:
There have been several responses to Yogesh's question, but none
of them provide a clear and straightforward answer.
Ok. Let me try again: this is a security risk.
A gateway firewall _needs_ to be setup the following way:
0.-
On Thu, 12 Dec 2002 at 01:07:48PM -0800, Jeremy A. Puhlman wrote:
Actually that seems to be a highly secure firewall...Firewalls with no power
cannot
be compromised via the network:-)
Wake on Lan? :)
--
Phil
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O -
On Fri, Dec 13, 2002 at 09:25:02AM +0100, Javier Fern?ndez-Sanguino Pe?a wrote:
On Thu, Dec 12, 2002 at 04:18:17PM -0500, Raymond Wood wrote:
There have been several responses to Yogesh's question, but none
of them provide a clear and straightforward answer.
Ok. Let me try again: this is
On Fri, Dec 13, 2002 at 05:17:09PM +0200, Pavel Minev Penev wrote:
/etc/network/interfaces
pre-up
I know you can do it there. Unfortunately, firewall packages in
debian (even ones I have packaged) do not do this properyl (yet).
Regards
Javi
pgpv1X9dTJ7IA.pgp
On Fri, Dec 13, 2002 at 05:47:19PM +0100, Javier Fern?ndez-Sanguino Pe?a wrote:
On Fri, Dec 13, 2002 at 05:17:09PM +0200, Pavel Minev Penev wrote:
/etc/network/interfaces
pre-up
I know you can do it there. Unfortunately, firewall packages in
debian (even ones I have
- Original Message -
From: Matt Zimmerman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 12, 2002 12:55 PM
Subject: Re: init.d startup sequence for shorewall
On Wed, Dec 11, 2002 at 05:39:37PM -0800, Yogesh Sharma wrote:
networking comes up at S35 in runlevel 0
On Thu, Dec 12, 2002 at 03:55:56PM -0500, Matt Zimmerman remarked:
On Wed, Dec 11, 2002 at 05:39:37PM -0800, Yogesh Sharma wrote:
networking comes up at S35 in runlevel 0 so my internet is
up and there is no firewall running so far.
runlevel 0 is system shutdown and halt. The network is
On Thu, 2002-12-12 at 12:55, Matt Zimmerman wrote:
On Wed, Dec 11, 2002 at 05:39:37PM -0800, Yogesh Sharma wrote:
networking comes up at S35 in runlevel 0 so my internet is up and there
is no firewall running so far.
runlevel 0 is system shutdown and halt. The network is not brought up
networking comes up at S35 in runlevel 0 so my internet is up and there
is no firewall running so far.
runlevel 0 is system shutdown and halt. The network is not brought up in
this runlevel. :-)
Actually that seems to be a highly secure firewall...Firewalls with no power cannot
On Thu, 2002-12-12 at 15:07, Jeremy A. Puhlman wrote:
- Original Message -
From: Matt Zimmerman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 12, 2002 12:55 PM
Subject: Re: init.d startup sequence for shorewall
On Wed, Dec 11, 2002 at 05:39:37PM -0800, Yogesh
On Wed, Dec 11, 2002 at 05:39:37PM -0800, Yogesh Sharma wrote:
networking comes up at S35 in runlevel 0 so my internet is up and there
is no firewall running so far.
runlevel 0 is system shutdown and halt. The network is not brought up in
this runlevel. :-)
--
- mdz
- Original Message -
From: Matt Zimmerman [EMAIL PROTECTED]
To: debian-security@lists.debian.org
Sent: Thursday, December 12, 2002 12:55 PM
Subject: Re: init.d startup sequence for shorewall
On Wed, Dec 11, 2002 at 05:39:37PM -0800, Yogesh Sharma wrote:
networking comes up at S35
On Thu, Dec 12, 2002 at 03:55:56PM -0500, Matt Zimmerman remarked:
On Wed, Dec 11, 2002 at 05:39:37PM -0800, Yogesh Sharma wrote:
networking comes up at S35 in runlevel 0 so my internet is
up and there is no firewall running so far.
runlevel 0 is system shutdown and halt. The network is
On Thu, 2002-12-12 at 12:55, Matt Zimmerman wrote:
On Wed, Dec 11, 2002 at 05:39:37PM -0800, Yogesh Sharma wrote:
networking comes up at S35 in runlevel 0 so my internet is up and there
is no firewall running so far.
runlevel 0 is system shutdown and halt. The network is not brought up
networking comes up at S35 in runlevel 0 so my internet is up and there
is no firewall running so far.
runlevel 0 is system shutdown and halt. The network is not brought up in
this runlevel. :-)
Actually that seems to be a highly secure firewall...Firewalls with no power
On Thu, 2002-12-12 at 15:07, Jeremy A. Puhlman wrote:
- Original Message -
From: Matt Zimmerman [EMAIL PROTECTED]
To: debian-security@lists.debian.org
Sent: Thursday, December 12, 2002 12:55 PM
Subject: Re: init.d startup sequence for shorewall
On Wed, Dec 11, 2002 at 05:39:37PM
On Tue, 2002-12-10 at 16:37, Kuba Jakubik wrote:
Yogesh Sharma wrote:
In my opinion shorewall must be started as soon as network is up.
can't you just mv S90shorewall S35shorewall ?
Yes, I can move this link but question is for security. In my opinion
this should be fixed in package
On Tue, 2002-12-10 at 22:05, Gene wrote:
can you elaborate on your question, since you're using the box as a
firewall, this particular service should be up first to ensure that your
perimeter is in check.. also, if this is your gateway host, how else
would you get your internal network to
Hello,
I am using shorewall as firewall for my system. It has got 2 ethernet
cards one connected to internet and one for internal network.
init.d/networking script is linked as S35networking and init.d/shorewall
script is linked as S90shorewall.
In my opinion shorewall must be started as soon as
Yogesh Sharma wrote:
Hello,
I am using shorewall as firewall for my system. It has got 2 ethernet
cards one connected to internet and one for internal network.
init.d/networking script is linked as S35networking and init.d/shorewall
script is linked as S90shorewall.
In my opinion shorewall must
On Tue, Dec 10, 2002 at 03:39:35PM -0800, Yogesh Sharma wrote:
In my opinion shorewall must be started as soon as network is up.
What does list sugguests ? Is this a security problem ?
Yes this is a security issue, if you take iptables, for example, it is run
in S10. Any firewalling script
On Tue, 2002-12-10 at 16:37, Kuba Jakubik wrote:
Yogesh Sharma wrote:
In my opinion shorewall must be started as soon as network is up.
can't you just mv S90shorewall S35shorewall ?
Yes, I can move this link but question is for security. In my opinion
this should be fixed in package
Hello,
I am using shorewall as firewall for my system. It has got 2 ethernet
cards one connected to internet and one for internal network.
init.d/networking script is linked as S35networking and init.d/shorewall
script is linked as S90shorewall.
In my opinion shorewall must be started as soon as
Yogesh Sharma wrote:
Hello,
I am using shorewall as firewall for my system. It has got 2 ethernet
cards one connected to internet and one for internal network.
init.d/networking script is linked as S35networking and init.d/shorewall
script is linked as S90shorewall.
In my opinion shorewall
On Tue, Dec 10, 2002 at 03:39:35PM -0800, Yogesh Sharma wrote:
In my opinion shorewall must be started as soon as network is up.
What does list sugguests ? Is this a security problem ?
Yes this is a security issue, if you take iptables, for example, it is run
in S10. Any firewalling script
30 matches
Mail list logo
