Compiling a new kernel, finally... just worried
about one thing...
I'm doing this on a remote machine (very stupid, I
know) and there is an existing ipchains firewall. Now will compiling
and installing this kernel knock out the ipchains stuff, possibly rendering the
server unreachable?
10 and for udp, 810:810.
>
> Also, where 192.168.0.5/24 is, substitute in your IP and subnet mask.
>
> Hope this helps,
>
> Kath
>
> - Original Message -
> From: "Anthony Russello" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Su
where 192.168.0.5/24 is, substitute in your IP and subnet mask.
Hope this helps,
Kath
- Original Message -
From: "Anthony Russello" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, February 04, 2001 11:40 AM
Subject: [techtalk] ipchains
>
> Hi there
Hi there.
I'm having a little trouble understanding the ipchains ruleset. I've read
over a few how-tos, but haven't quite mastered it.
If I had a program that needed TCP port 510 and UDP port 810, how would I
go about setting that up to run through ipchains?
If someone knows a comprehensive h
Nancy Corbett wrote:
> I've worked with Squid in the past and it is pretty nifty. Its primarily
> a caching software. I believe you have to tweek the code to get it to
> filter. The company I worked for used it for filtering and it
the code doesnt need to be hack - squid.conf has acl's and t
> I believe their web site is:
>
> http://www.squid.org
Cool web site, not squid. Here's the one you need :
http://squid.nlanr.net/
Jeramia
[EMAIL PROTECTED] http://www.linuxchix.org
> I know my husband's company filters using Squid and code they've written
> themselves, I'm not sure whether Squid has filtering capacity on it's own,
> though.
>
> I *know* it can be coded on. I just don't know if it does it.
>
Jenn,
I've worked with Squid in the past and it is pretty nif
Sriram-HO wrote:
>
> Jenn
>
> I have a project to complete. In the site we have implemented Checkpoint
> Firewall 1 ver 4.1 on a NT box. On the other NT box we have Trend Enterprise
> CVP server. Now the site runs IIS on the NT which also runs Check point.
> They have a Linux box there which run
Cheers
> Sriram
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Thursday, March 02, 2000 1:08 PM
> Subject: Re: [techtalk] IPCHAINS
>
>
> >Hey Sriram,
> >Plenty of
Hey Jenn,
I believe CheckPoint is a commercial firewall product and VPN. It is
made by the company Checkpoint. Supposedly a really good product. We have
it here but use BSD.
Regards,
Harry Hoffman
Product Systems Specialist
Restaurants Unlimited Inc.
206.634.3082 x. 270
On Thu, 2 Mar 2000 [EMA
;d recommend turning logging on for denied packets for a while, it does
> help in debugging the IPChain rules!
>
> Alex.
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday 02 March 2000 08:47
> To: [EMAIL PROTECTED]
> Sub
which runs on
Linux from the Checkpoint box for any outbound connection and do the
filtering at that point.
Cheers
Sriram
-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, March 02, 2000 4:40 PM
Subject: R
Sriram-HO wrote:
>
> url filtering which can be integrated with check point.
So websense is url filtering (in a Net Nanny sense?) .. so .. what's
check point? Is it necessary for you to have check point (whatever it
is) in your URL filter?
Sorry. I can't help if I don't know these things.
Je
Sriram-HO wrote:
> Also is there any tool for Linux something like websense?
prompt%: apropos websense^M
(translation: what the is websense?)
Jenn V.
--
Humans are the only species to feed and house entirely separate species
for no reason other than the pleasure of their company. W
to do with it).
I'd recommend turning logging on for denied packets for a while, it does
help in debugging the IPChain rules!
Alex.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday 02 March 2000 08:47
To: [EMAIL PROTECTED]
Subject: Re: [techta
url filtering which can be integrated with check point.
Cheers
Sriram
-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, March 02, 2000 2:02 PM
Subject: Re: [techtalk] IPCHAINS
>Sriram-HO wrote:
>
Hey Harry
Where do I get mason? I would appreciate a response on this.
Cheers
Sriram
-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, March 02, 2000 1:08 PM
Subject: Re: [techtalk] IPCHAINS
>Hey
Hey Sriram,
Plenty of HowTo's on ipchains., Packet filtering can be done thru them. I
would suggest checking out mason if you're new to the ideas of
firewalling. Mason automates the ipchains creation by listening to the
traffic going thru you network. That is how I learned. Took my network
down fo
Hi all
Is there any detailed step by step document on IPCHAINS?
I want to implement ipmasq and do some kind of packet filtering.
Also is there any tool for Linux something like websense?
Cheers
Sriram
[EMAIL PROTECTED] http://www.linuxchix.org
- Original Message -
From: Walt <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, January 29, 2000 3:53 PM
Subject: [techtalk] ipchains -- allowing specific IP's
> I assume that this must be possible, using
> ipchains... (and, btw, I don't mind read
Hi Walt,
To answer your questions indirectly at least, may I suggest the following
url as there is an abundance of good info there:
http://www.linuxstart.com
Regards,
Phil
At 12:53 29/01/00 -0800, you wrote:
>Currently I'm using ip-masquerading to pass
>internet access to my local network.
>
Walt wrote:
>
> Can I only allow certain IP addresses on
> my network to get 'out'?
I believe so.
> or, better yet,
> allow activity on only certain ports to have
> outside access?
This is a definate - hunting through the firewalling HOWTOs and
FAQs (or finding a firewall example) will sho
Currently I'm using ip-masquerading to pass
internet access to my local network.
I assume that this must be possible, using
ipchains... (and, btw, I don't mind reading
the manual, but I tend to learn a _lot_
easier from example type things...)
Can I only allow certain IP addresses on
my networ
Excerpts from linuxchix: 24-Jan-100 RE: [techtalk] ipchains log.. by
Brian [EMAIL PROTECTED]
> y2k?
No. It's just like 99 for 1999. An aesthetic issue. This is a fairly
cramped UI, and there's no room for 4 digit dates.
[EMAIL PROTECTED] http://www.linuxchix.org
TED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, January 24, 2000 12:03 PM
Subject: RE: [techtalk] ipchains logs and nmap audit (fwd)
> On Jan 24, Brian Engle conjectured:
>
> > sorry to be nitpicky
> >
> > > From: Laurel Fan [mailto:[EMAIL PROTECTED]]
> > &
On Jan 24, Brian Engle conjectured:
> sorry to be nitpicky
>
> > From: Laurel Fan [mailto:[EMAIL PROTECTED]]
> >
> > Excerpts from linuxchix: 23-Jan-100 Re: [techtalk] ipchains log.. by
>^^
> y2k?
Actually, it's pro
sorry to be nitpicky
> -Original Message-
> From: Laurel Fan [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, January 23, 2000 1:15 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [techtalk] ipchains logs and nmap audit (fwd)
>
>
> Excerpts from linuxchix: 23-Jan-100 Re:
Cool. I have to go and re-install the kernel files and take a look.
Thanks.
Beverly
On Sun, 23 Jan 2000, Laurel Fan wrote:
> Excerpts from linuxchix: 23-Jan-100 Re: [techtalk] ipchains log.. by
> Beverly [EMAIL PROTECTED]
> > What exactly is printk()? I haven't found any
> It is the print function for the kernel routines. I don't know the
> workings of the output of this fuction yet.
It's just like printf, without a lot of the bells and whistles (no
floating-point, numbered arguments, etc).
Jeff
[EMAIL PROTECTED]
On 0, Beverly Guillermo <[EMAIL PROTECTED]> wrote:
> I was looking at the ipchains manpage and I got this about the option that
> you're using.
>
>
>-l, --log
> Turn on kernel logging of matching packets. When
> this option is set for a rule, the Linux
On Sun, 23 Jan 2000 00:37:02 -0500 (EST), Beverly Guillermo <[EMAIL PROTECTED]> said:
>What exactly is printk()? I haven't found any information about that
>particular function.
printk is a function in the kernel. It's not callable from user
software. printk is essentially printf for the kern
Beverly Guillermo <[EMAIL PROTECTED]> writes:
> I was looking at the ipchains manpage and I got this about the option that
> you're using.
>
>
>-l, --log
> Turn on kernel logging of matching packets. When
> this option is set for a rule, the Linux ker
> What exactly is printk()? I haven't found any information about that
> particular function.
And the reason that this internal kernel function is appearing in user-level
docs is that printk'd stuff shows up in the log.
Jeff
[EMAIL PROTECTED] h
I was looking at the ipchains manpage and I got this about the option that
you're using.
-l, --log
Turn on kernel logging of matching packets. When
this option is set for a rule, the Linux kernel
will print some information of all matching
Excerpts from linuxchix: 23-Jan-100 Re: [techtalk] ipchains log.. by
Beverly [EMAIL PROTECTED]
> What exactly is printk()? I haven't found any information about that
> particular function.
It's in /usr/src/linux/kernel/printk.c in my kernel.
[EMAIL P
I was looking at the ipchains manpage and I got this about the option that
you're using.
-l, --log
Turn on kernel logging of matching packets. When
this option is set for a rule, the Linux kernel
will print some information of all matching
I have several ipchain rules. One of them is:
ipchains -A input -i ppp0 -p TCP --destination-port 21 -l -j DENY
Why are these ipchains not doing any logging? I do have the -l option
invoked for logging. The packet is supposed to be denied at the IP level
and then logged into syslog. When I try
37 matches
Mail list logo
