Re: iptables: "stateful inspection?"

2000-12-22 Thread Michael Rothwell
Felix von Leitner wrote: > > > IPChains is essentially useless as a firewall due to its lack of > > stateful packet filtering. > > Bullshit. > Go back to the bowels of Redmond where you belong, luser. Thanks. I appreciate that. -M - To unsubscribe from this list: send the line "unsubscribe linu

Re: iptables: "stateful inspection?"

2000-12-20 Thread George
On Wed, 20 Dec 2000, Michael Rothwell wrote: >"Michael H. Warfield" wrote: >> I think that's more than a little overstatement on your >> part. It depends entirely on the application you intend to put >> it to. > >Fine. How do I make FTP work through it? How can I allow all outgoing >TCP

Re: iptables: "stateful inspection?"

2000-12-20 Thread Michael Rothwell
Alan Cox wrote: > There have been at least five holes found in pile that _could_ have been > [speech] > safe is the day you end up hurt. Your specific example of an executable (windows) attachment, not buffer overflows, etc. was what I was replying to. In general, you are correct. Now, how abou

Re: iptables: "stateful inspection?"

2000-12-20 Thread Alan Cox
> Alan Cox wrote: > > It does SYN checking. If you are running 'serious' security you wouldn't be > > allowing outgoing connections anyway. One windows christmascard.exe virus that > > connects back to an irc server to take input and you are hosed. > > Thankfully, pine and mutt are, to date, immun

Re: iptables: "stateful inspection?"

2000-12-20 Thread Dax Kelson
Michael Rothwell said once upon a time (Wed, 20 Dec 2000): > Alan Cox wrote: > > > It does SYN checking. If you are running 'serious' security you wouldn't be > > allowing outgoing connections anyway. One windows christmascard.exe virus that > > connects back to an irc server to take input and you

Re: iptables: "stateful inspection?"

2000-12-20 Thread Michael Rothwell
Alan Cox wrote: > It does SYN checking. If you are running 'serious' security you wouldn't be > allowing outgoing connections anyway. One windows christmascard.exe virus that > connects back to an irc server to take input and you are hosed. Thankfully, pine and mutt are, to date, immune to that k

Re: iptables: "stateful inspection?"

2000-12-20 Thread Alan Cox
> "Michael H. Warfield" wrote: > > I think that's more than a little overstatement on your > > part. It depends entirely on the application you intend to put > > it to. > > Fine. How do I make FTP work through it? How can I allow all outgoing Passive mode or a proxy. > TCP connectio

Re: iptables: "stateful inspection?"

2000-12-20 Thread Michael H. Warfield
Hello all! On Wed, Dec 20, 2000 at 01:08:07PM -0500, Michael H. Warfield wrote: > On Wed, Dec 20, 2000 at 12:52:27PM -0500, Michael Rothwell wrote: > > "Michael H. Warfield" wrote: > > > You can use spf to add some stateful inspection for PORT mode > > > ftp. Personally, I like the masq

Re: iptables: "stateful inspection?"

2000-12-20 Thread Michael H. Warfield
On Wed, Dec 20, 2000 at 12:52:27PM -0500, Michael Rothwell wrote: > "Michael H. Warfield" wrote: > > You can use spf to add some stateful inspection for PORT mode > > ftp. Personally, I like the masquerading option better, though. > Can you give an example of using MASQ selectively? I h

Re: iptables: "stateful inspection?"

2000-12-20 Thread Michael Rothwell
"Michael H. Warfield" wrote: > You can use spf to add some stateful inspection for PORT mode > ftp. Personally, I like the masquerading option better, though. Can you give an example of using MASQ selectively? I have real addresses on both sides of the firewall, but want things like FTP

Re: iptables: "stateful inspection?"

2000-12-20 Thread Michael H. Warfield
IL PROTECTED] > > Subject: Re: iptables: "stateful inspection?" > > "Michael H. Warfield" wrote: > > > I think that's more than a little overstatement on your > > > part. It depends entirely on the application you intend to put

Re: iptables: "stateful inspection?"

2000-12-20 Thread Michael H. Warfield
On Wed, Dec 20, 2000 at 11:30:15AM -0500, Michael Rothwell wrote: > "Michael H. Warfield" wrote: > > I think that's more than a little overstatement on your > > part. It depends entirely on the application you intend to put > > it to. > Fine. How do I make FTP work through it? How can

Re: iptables: "stateful inspection?"

2000-12-20 Thread David Lang
On Wed, 20 Dec 2000, Michael Rothwell wrote: > Date: Wed, 20 Dec 2000 11:30:15 -0500 > From: Michael Rothwell <[EMAIL PROTECTED]> > To: Michael H. Warfield <[EMAIL PROTECTED]> > Cc: [EMAIL PROTECTED] > Subject: Re: iptables: "stateful inspection?" > >

Re: iptables: "stateful inspection?"

2000-12-20 Thread Michael Rothwell
"Michael H. Warfield" wrote: > I think that's more than a little overstatement on your > part. It depends entirely on the application you intend to put > it to. Fine. How do I make FTP work through it? How can I allow all outgoing TCP connections without opening the network to inbound

Re: iptables: "stateful inspection?"

2000-12-20 Thread Michael H. Warfield
On Wed, Dec 20, 2000 at 11:18:10AM -0500, Michael Rothwell wrote: > IPChains is essentially useless as a firewall due to its lack of I think that's more than a little overstatement on your part. It depends entirely on the application you intend to put it to. It may be entirely useless T

iptables: "stateful inspection?"

2000-12-20 Thread Michael Rothwell
IPChains is essentially useless as a firewall due to its lack of stateful packet filtering. Will the IPTables code in 2.4 maintain connection state? -M - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] Please read the FAQ at htt