From: Roy Wright
Date: Thu, 14 Jun 2007 15:19:49 -0500
To: gentoo-user@lists.gentoo.org
CC: Dale
Subject: Re: [gentoo-user] Wha' hoppen to firestarter?
Message-ID: <4671A2E5.2030009@cisco.com>

Kevin O'Gorman wrote:
> That helps some, but in net-firewall I'm finding a lot of unstable
> packages, and no really good idea which ones will be the best for a
> personal firewall, let alone which ones are best supported upstream so
> this doesn't happen to me again. So I'm interested in
> recommendations. What did you switch to?
>

I just switched to shorewall. I configured it to only allow in SSH, but
have one weirdy when I try to test using nmap -v -A -P0 in that sometimes
nmap reports only port 22 open and 113 closed as expected, but other times
it also reports ports 80, 554, and 1755 open, which has me really confused
and concerned.

One word of advice on using shorewall: compile the netfilter options in
your kernel as modules, not directly linked in... That one led me on a
merry chase until I punted and switched to using modules...

HTH,
Roy
-- 
gentoo-user@gentoo.org mailing list
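
One way to compare repeated scans like the ones described in the message above, as an added example that is not part of the original post: it parses nmap's grepable output (-oG) from several runs and separates unexpected ports that are open in every run from ports that appear only in some runs. The sample lines, the host address 192.0.2.10 and the function names are constructed for illustration.

```python
import re

# Policy from the post: only SSH (22/tcp) should be reachable.
EXPECTED_OPEN = {22}

# Constructed sample data in nmap's grepable (-oG) format, one string per scan
# run, mirroring the two outcomes described in the post. 192.0.2.10 is a
# documentation address, not a real host.
RUNS = [
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, "
    "113/closed/tcp//auth///\tIgnored State: filtered (1695)",
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "113/closed/tcp//auth///, 554/open/tcp//rtsp///, "
    "1755/open/tcp//wms///\tIgnored State: filtered (1692)",
]

def open_ports(grepable_line):
    """Return the set of TCP ports reported open in one -oG 'Ports:' line."""
    m = re.search(r"Ports: ([^\t]*)", grepable_line)
    if not m:
        return set()
    ports = set()
    for entry in m.group(1).split(","):
        fields = entry.strip().split("/")
        # -oG entry layout: port/state/protocol/owner/service/rpcinfo/version/
        if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
            ports.add(int(fields[0]))
    return ports

def compare_runs(lines, expected):
    """Classify open ports across runs against the expected set."""
    per_run = [open_ports(line) for line in lines]
    seen = set().union(*per_run) if per_run else set()
    always = set.intersection(*per_run) if per_run else set()
    return {
        # expected ports that were not open in every run
        "missing": sorted(expected - always),
        # unexpected ports open in every run
        "unexpected_stable": sorted(always - expected),
        # unexpected ports open in some runs but not all
        "unexpected_flapping": sorted((seen - always) - expected),
    }

if __name__ == "__main__":
    print(compare_runs(RUNS, EXPECTED_OPEN))
```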