[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] Firewall stuff

To: "Chris J/#6" <sixie@nccnet.co.uk>, "Sheflug" <sheflug [at] vuw.ac.nz>
Subject: Re: [Sheflug] Firewall stuff
From: "Robert Speed" <nospam [at] Viclabs.co.uk>
Date: Thu, 7 Dec 2000 09:01:43 +0000
List-help: <http://www.sheflug.co.uk>
List-owner: <mailto:sheflug-admins [at] vuw.ac.nz>
List-post: <mailto:sheflug [at] vuw.ac.nz>
List-subscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=subscribe>
List-unsubscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=unsubscribe>
Organization: Vickers Laboratories Ltd
Priority: normal
Reply-to: "Sheflug" <sheflug [at] vuw.ac.nz>
Sender: sheflug-bounce [at] vuw.ac.nz

> It won't stop httpd requests [unless running httpd from inetd]
> It won't stop smbd/nmbd requests [unless running smbd from inetd] It
> won't stop DNS requests It won't stop anyone connecting to your X
> server It won't stop anything else running as a standalone daemon
> *unless* that daemon has TCP wrappers support built in.

Why the clucking bell would people be running X, httpd or smbd on 
a firewall ?
Or are you talking about 1 machine here? i.e. one box connected 
to the outside world.

Having said all that, I was recently called out to solve a problem on
a firewall (and at a web design company as well), and they quite 
happily ran X on the firewall box.
Hmmm I thought, first things first - init 3

Why oh why do people do this and take up resources on a 
machine that simply forwards/filters packets...
I could have gone to town on this, but the sysadmin happens to be 
a friend - at least he knows now...

Oh, and the reason the firewall wouldn't work - "someone" had 
been "looking at" with /etc/sysconfig/network-scripts/eth0(1)
and /etc/rc.d/init.d/network just to "see what they did".
Pitty they stuffed it up then...
Still, it's money in the bank to me... :-)




> 
> Also, why do people still use hosts.deny? It's much easier to do away
> with that and stick with hosts.allow and the TCP wrapper extentions
> that give the ALLOW and DENY keyword. "man  5 hosts_options" for more
> on them - very flexible... :)


Rob Speed,
Systems Analyst/Programmer.
Vickers Laboratories Ltd.
Grangefield Industrial Estate, Pudsey, Leeds LS28 6QW
Switchboard: +44 (0)113 236 2811   Fax: +44 (0)113 236 2703

All opinions are my own and ! Vickers.
< Press space once to quit, or twice to save entire work >
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.

Follow-Ups:
- Re: [Sheflug] Firewall stuff
  - From: "Chris J/#6" <sixie [at] nccnet.co.uk>
- Re: [Sheflug] Firewall stuff
  - From: "Alex Hudson" <home [at] alexhudson.com>

References:
- [Sheflug] Firewall stuff
  - From: "Robert Speed" <RobS [at] Viclabs.co.uk>
- Re: [Sheflug] Firewall stuff
  - From: "Chris J/#6" <sixie [at] nccnet.co.uk>

Prev by Date: Re: [Sheflug] Re: Open Office
Next by Date: RE: [Sheflug] Firewall stuff
Prev by thread: Re: [Sheflug] Firewall stuff
Next by thread: Re: [Sheflug] Firewall stuff
Index(es):
- Date
- Thread