To: gentoo-amd64@lists.gentoo.org
From: Duncan <1i5t5.duncan@cox.net>
Subject: [gentoo-amd64] Re: KISS firewall not working on Gentoo Hardened
Date: Thu, 4 Oct 2007 23:20:44 +0000 (UTC)

Sebastian Redl posted 4705370A.4010709@getdesigned.at, excerpted below, on Thu, 04 Oct 2007 20:55:06 +0200:

> Configuring this is easy enough in IPTables (I did learn them somewhat,
> out of interest, though I've forgotten a lot, too), but it's really,
> really easy in shorewall.

Interestingly, shorewall was one I tried... and got frustrated with. It has likely improved since then, but that much? The other possibility is that I was trying something a bit more advanced than what you need, and too advanced for it (back then?).

> In all the years I've used Gentoo now, I can only say that I'm highly
> satisfied with the program. The only negative point I can find is that
> it always wants to overwrite all the configuration files on an upgrade.

Try setting INSTALL_MASK appropriately in make.conf, set to the shorewall subdir or whatever. I've never actually used this portage feature, but it's supposed to work quite well. The effect would be that anything that matched wouldn't be installed. It's the usual recommendation from the portage devs for stuff like that. (I've been thinking about trying it for *.la files, since the way they work is a pain for Gentoo users and I read of someone doing it to good effect, but I've not gotten around to it yet.)

-- 
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman