From: Holly Bostick
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: iptables example on Gentoo
Date: Wed, 07 Sep 2005 22:09:44 +0200
Message-id: <431F4908.1000400@planet.nl>
References: <431E2E2A.3070806@gmail.com> <002c01c5b3ad$314fe1c0$4501010a@jnetlab.lcl> <431F2E02.4090909@planet.nl>

James wrote:
> Holly Bostick planet.nl> writes:
>
>> Good morning, this is the general users list. If you want the
>> security experts, try
>>
>> gentoo-security   For the discussion of security issues and fixes
>> gentoo-hardened   For a security hardened version of Gentoo
>
> You mean I have to go to this group to find detailed documentation on
> iptables/netfilter rulesets that are indeed secure, published, and
> used in more than one place?

I mean that if such documentation exists, that group would be much more
likely to know where it is (because that group is focused on such issues
and knowledge) than this group would be (where such knowledge is more
likely to be a random roll of the dice as to whether anyone around today
happens to know about it).

Now, of course, for detailed documentation on iptables/netfilter, the
place to start, for me at least, would be
http://www.iptables.org/documentation/index.html#documentation-howto .

As for 'published rulesets', well, so far I've found

http://linux.unimelb.edu.au/server/course/fc3/iptables.html (see examples)
http://www.hackinglinuxexposed.com/articles/20021008.html
http://www.ecst.csuchico.edu/~dranch/LINUX/ipmasq/examples/rc.firewall-iptables
http://www.linux.org/docs/ldp/howto/IP-Masquerade-HOWTO/ (see
http://www.linux.org/docs/ldp/howto/IP-Masquerade-HOWTO/stronger-firewall-examples.html#RC.FIREWALL-IPTABLES-STRONGER)
http://www.linuxtopia.org/Linux_Firewall_iptables/index.html (see example
scripts beginning at http://www.linuxtopia.org/Linux_Firewall_iptables/x5753.html)
http://forums.gentoo.org/viewtopic-p-1436652-highlight-iptables+rulesets.html?sid=b777f7a8f3ef392e9cb4d14f0bcccfa1#1436652

That's all the Googling I feel like right now, but I'm sure that
gentoo-security might know more places where such things are likely to
be found (especially any gentoo-specific resources).

>> That's all I'm going to say in the face of all this needlessly
>> insulting behaviour.
>
> Holly, I have not, nor do I intend to, insult or constipate anyone.
> Sincere apologies. However, I find it very strange that published
> rulesets do not exist for iptables/netfilter, for simple and common
> things like a home-office router with (3) nics, including LAN, WAN
> and DMZ with optional web and dns(internal) servers. If you find my
> sharing these thoughts with you, and the 50 times I've had to write
> that I'm interested in iptables/netfilters and not shorewall, then I
> think you are a bit too sensitive about divergent opinions.

>> The really funny thing is a year ago, this list was full of persons
>> that debunked OpenBSD's security supremacy. Now all I'm getting is
>> a lot of 'hot air' and 'bull-loney'. Why are so many people scared
>> to manage their own firewall rulesets directly?

This is not a 'divergent opinion'. It is an opinion, true, but there is
nothing for it to diverge from (since this is not a debate about
OpenBSD's supremacy or lack thereof, nor about whether anyone is
'scared' to manage their own rulesets directly).

>> I thought (gentoo)linux was supposed to be equal to or superior to
>> OpenBSD for security and every other aspect of computing?

This is not a 'divergent opinion', because this is again not a debate
over, nor is this a forum for debate concerning, whether Gentoo is
superior to anything at all; this is a user help mailing list.

>> (Booo)

Excuse me? This is somehow not a taunt? Whatever.

Though what I wonder is, is iptables under BSD so radically different
than iptables under Linux that somehow you can't simply use or adapt the
oh-so-easy BSD rulesets that you already have to your current
conditions? Or, I would wonder, if I didn't have concerns that I value
higher taking priority over my thinking about this at all.

Holly
-- 
gentoo-user@gentoo.org mailing list
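The scenario James asks about, a home-office router with three NICs (WAN, LAN, DMZ) hosting a public web server and an internal-only DNS server in the DMZ, is small enough to write out as a complete iptables script. The script below is an added example for this archive page; it is not from either poster nor from any of the linked documents. Interface names (eth0/eth1/eth2), the two private subnets, and the DMZ host addresses are assumptions to be replaced with the real ones. It prints the ruleset as iptables commands rather than executing them directly, so the policy can be reviewed before it is applied.

```shell
#!/bin/sh
# Added example, not from the gentoo-user thread: a default-deny, stateful
# iptables policy for a three-NIC router (WAN, LAN, DMZ). All interface
# names, subnets and host addresses below are assumed values.
WAN=eth0
LAN=eth1; LAN_NET=192.168.1.0/24
DMZ=eth2; DMZ_NET=192.168.2.0/24
WEB=192.168.2.10      # public web server in the DMZ (assumed address)
DNS=192.168.2.53      # DNS server in the DMZ, reachable from the LAN only

# rules prints the policy as one iptables command per line. Pipe it into
# sh to load it, or read it first; printing keeps the script reviewable on a
# machine that has no iptables at all.
rules() {
    IPT=iptables
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Flush everything and start from default-deny on INPUT and FORWARD.
    echo "$IPT -F"
    echo "$IPT -X"
    echo "$IPT -t nat -F"
    echo "$IPT -P INPUT DROP"
    echo "$IPT -P FORWARD DROP"
    echo "$IPT -P OUTPUT ACCEPT"
    # Loopback and replies to connections we already track are always fine.
    echo "$IPT -A INPUT -i lo -j ACCEPT"
    echo "$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Anti-spoofing: our private source ranges must never arrive on the WAN.
    echo "$IPT -A INPUT -i $WAN -s $LAN_NET -j DROP"
    echo "$IPT -A INPUT -i $WAN -s $DMZ_NET -j DROP"
    echo "$IPT -A FORWARD -i $WAN -s $LAN_NET -j DROP"
    echo "$IPT -A FORWARD -i $WAN -s $DMZ_NET -j DROP"
    # The router itself accepts SSH only from the LAN side.
    echo "$IPT -A INPUT -i $LAN -s $LAN_NET -p tcp --dport 22 -j ACCEPT"
    # LAN may initiate to the Internet and to the DMZ (web and internal DNS).
    echo "$IPT -A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT"
    echo "$IPT -A FORWARD -i $LAN -o $DMZ -s $LAN_NET -j ACCEPT"
    # The Internet may reach only the web server, and only on HTTP/HTTPS
    # (destination is already rewritten by the DNAT rule below).
    echo "$IPT -A FORWARD -i $WAN -o $DMZ -d $WEB -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT"
    # DMZ hosts may fetch from the Internet (updates); the DMZ never
    # initiates into the LAN, so there is deliberately no DMZ->LAN rule.
    echo "$IPT -A FORWARD -i $DMZ -o $WAN -s $DMZ_NET -j ACCEPT"
    # NAT: masquerade outbound traffic; forward inbound 80/443 to the web server.
    echo "$IPT -t nat -A POSTROUTING -o $WAN -j MASQUERADE"
    echo "$IPT -t nat -A PREROUTING -i $WAN -p tcp -m multiport --dports 80,443 -j DNAT --to-destination $WEB"
    # Log (rate-limited) whatever is about to fall through to the DROP policy,
    # so refused traffic shows up in syslog for review.
    echo "$IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix 'FW-INPUT-DROP: '"
    echo "$IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix 'FW-FWD-DROP: '"
}

# count_rules reports how many -A rules the generated policy places in a
# chain; a quick sanity check that nothing was lost while editing.
count_rules() {
    rules | grep -c -- "-A $1 "
}

case "${1:-show}" in
    show)  rules ;;
    apply) rules | sh ;;
    *)     echo "usage: $0 [show|apply]" >&2; exit 2 ;;
esac
```

Run it as `sh fw.sh show` to read the policy and `sh fw.sh apply` as root to load it. The internal-only DNS server needs no rule of its own: the LAN-to-DMZ ACCEPT covers it, and the absence of any WAN-to-DMZ rule for port 53 keeps it unreachable from outside, which is the shape James describes. The LOG rules at the tail of INPUT and FORWARD are what make a dropped connection visible when the ruleset is being debugged.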