Your users have no need to do SLIST from their Linux workstations, so you can either remove it or make it root-executable only. Of course, as you said, if you remove IPX is should not be an issue, however do your Linux workstations use IPX for NetWare access - or do you have current NetWare using only IP ? Up to you. If users cannot run slist (only root should if at all) then the firewall situation would be not as important - but if you do add the fw rules then you have that much more security. Overkill doesn't usually hurt.
"Martinez, Michael - CSREES/ISTM" <[EMAIL PROTECTED]> wrote .. > tightening up would have to be done at two places: the firewall; and my > Linux boxes. I handle the LInux boxes, so leet's talk about that. > > - If I don't have IPX support compiled into the kernel, then there's no > issue, is there. There's no way someone could issue slist commands through > my box. > > - If I do have IPX support compiled in, and need to keep it for whatever > reason (not allowed to recompile the kernel or whatever), then all I do > is > remove ipx from /etc/services, right. That should take care of it. > > I don't need to mess with ipchains.... or do I?
