Re: [PATCH] Warn people that ipchains and ipfwadm are going away.

From: Gene Heskett
Date: Wed Sep 22 2004 - 07:46:21 EST


On Wednesday 22 September 2004 08:05, Richard B. Johnson wrote:
>On Wed, 22 Sep 2004, Martin Josefsson wrote:
>> On Wed, 22 Sep 2004, Richard B. Johnson wrote:
>> > > Sure, but you have to start somewhere. Next step will be
>> > > #error. Then finally remove the whole thing (I don't want to
>> > > remove the whole thing to start with, since that would create
>> > > a silent failure).
>> > >
>> > > Cheers,
>> > > Rusty.
>> > > --
>> >
>> > What replaces the firewall stuff? It can't just "go away"!
>>
>> Ever heard of iptables?
>>
>> /Martin
>
>I guess I'll have to convert 1340 lines of ipchains commands to
>iptables -yech!

Ouch! If it takes 1340 lines of ipchains commands, a direct
translation to iptables syntax is both counter-productive and
extremely wasteful of system resources, CPU in particular. I
admittedly have a DSL router in front of my machine, so it does 99%
of that job, but if I wanted to put up with the idiosyncrasies of the
Roaring Penguin PPPoE, I could skip the router and be just as secure
with the less than 30 active lines of my present iptables script.
With the router, I'm invisible to the outside world. Of course that
does restrict me some as I've not figured out how to drill a hole
thru all that to allow a torrent server to function. The peace of
mind is worth that loss IMO. It's been over a year now since
portsentry-1.1 saw a trigger and logged it.

Humm, that's a lie; from the firewall's /var/log/messages.1 file:

[root@gene root]# grep attackalert /var/log/messages*
/var/log/messages.1:Sep 16 18:09:16 gene portsentry[1159]:
attackalert: UDP scan from host: home1.bellatlantic.net/199.45.32.43
to UDP port: 32771
/var/log/messages.1:Sep 16 18:09:16 gene portsentry[1159]:
attackalert: Host 199.45.32.43 has been blocked via wrappers with
string: "ALL: 199.45.32.43"
/var/log/messages.1:Sep 16 18:09:17 gene portsentry[1159]:
attackalert: Host 199.45.32.43 has been blocked via dropped route
using command: "/sbin/iptables -I INPUT -s 199.45.32.43 -j DROP"
/var/log/messages.1:Sep 16 18:09:17 gene portsentry[1159]:
attackalert: UDP scan from host: home1.bellatlantic.net/199.45.32.43
to UDP port: 32771
/var/log/messages.1:Sep 16 18:09:17 gene portsentry[1159]:
attackalert: Host: home1.bellatlantic.net/199.45.32.43 is already
blocked Ignoring

Time to send another nastygram to Verizon since that's one of their
nameservers, and clear out that address from the hosts.deny file.

FWIW, the last time that happened, in April 2003, the hack attempt
trashed a Siemens router and I had to replace it with that Linksys.
Must be time to change the user and password in it again too...

FWIW, Verizon apparently has a problem keeping their nameservers from
being hacked.

>I had to convert something to ipchains a couple of years ago.
>That's when I only had to kill off about 100 spam-hosts.
>
>Now I gotta convert again. Soon they'll be replacing `ls`
>with `echo *` and nothing will work.

Surely you jest?

>Cheers,
>Dick Johnson
>Penguin : Linux version 2.4.26 on an i686 machine (5570.56
> BogoMips). Note 96.31% of all statistics are fiction.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.26% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attorneys please note, additions to this message
by Gene Heskett are:
Copyright 2004 by Maurice Eugene Heskett, all rights reserved.
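The clean-up Gene describes (reading the portsentry attackalert entries, then removing the host from hosts.deny and dropping the iptables rule portsentry inserted) as an added example that is not part of the original thread. The sample log copies the format quoted above but is constructed, the 192.0.2.10 host is fictitious, and reversing the logged `-I INPUT` as `-D INPUT` assumes the block was applied exactly as logged.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the portsentry lines quoted above
# (real entries are single lines; 192.0.2.10 is an added, fictitious host).
SAMPLE_LOG = """\
Sep 16 18:09:16 gene portsentry[1159]: attackalert: UDP scan from host: home1.bellatlantic.net/199.45.32.43 to UDP port: 32771
Sep 16 18:09:16 gene portsentry[1159]: attackalert: Host 199.45.32.43 has been blocked via wrappers with string: "ALL: 199.45.32.43"
Sep 16 18:09:17 gene portsentry[1159]: attackalert: Host 199.45.32.43 has been blocked via dropped route using command: "/sbin/iptables -I INPUT -s 199.45.32.43 -j DROP"
Sep 16 18:09:17 gene portsentry[1159]: attackalert: UDP scan from host: home1.bellatlantic.net/199.45.32.43 to UDP port: 32771
Sep 16 18:09:17 gene portsentry[1159]: attackalert: Host: home1.bellatlantic.net/199.45.32.43 is already blocked Ignoring
Sep 17 02:11:05 gene portsentry[1159]: attackalert: TCP scan from host: 192.0.2.10/192.0.2.10 to TCP port: 111
Sep 17 02:11:05 gene portsentry[1159]: attackalert: Host 192.0.2.10 has been blocked via wrappers with string: "ALL: 192.0.2.10"
"""

SCAN = re.compile(r'attackalert: (?P<proto>TCP|UDP) scan from host: (?P<name>\S+)/(?P<ip>[\d.]+) to \w+ port: (?P<port>\d+)')
WRAP = re.compile(r'attackalert: Host (?P<ip>[\d.]+) has been blocked via wrappers with string: "(?P<entry>[^"]+)"')
ROUTE = re.compile(r'attackalert: Host (?P<ip>[\d.]+) has been blocked via dropped route using command: "(?P<cmd>[^"]+)"')
IGNORED = re.compile(r'attackalert: Host: \S+/(?P<ip>[\d.]+) is already blocked')

def parse_attackalerts(text):
    """Group portsentry attackalert lines by source IP: scanned ports, hit count,
    the hosts.deny entry and the iptables command portsentry says it applied."""
    hosts = defaultdict(lambda: {"name": None, "ports": set(), "hits": 0,
                                 "deny_entry": None, "block_cmd": None, "ignored": 0})
    for line in text.splitlines():
        if (m := SCAN.search(line)):
            h = hosts[m["ip"]]
            h["name"] = m["name"]
            h["ports"].add((m["proto"], int(m["port"])))
            h["hits"] += 1
        elif (m := WRAP.search(line)):
            hosts[m["ip"]]["deny_entry"] = m["entry"]
        elif (m := ROUTE.search(line)):
            hosts[m["ip"]]["block_cmd"] = m["cmd"]
        elif (m := IGNORED.search(line)):
            hosts[m["ip"]]["ignored"] += 1
    return dict(hosts)

def unblock_steps(hosts, ip):
    """Steps to undo one block: the hosts.deny line to delete, and the logged
    '-I INPUT' insert reversed as a '-D INPUT' delete (assumption: applied as logged)."""
    h = hosts[ip]
    steps = []
    if h["deny_entry"]:
        steps.append("remove from /etc/hosts.deny: " + h["deny_entry"])
    if h["block_cmd"]:
        steps.append(h["block_cmd"].replace(" -I ", " -D ", 1))
    return steps
```

The patterns use `search()`, so the `/var/log/messages.1:` prefix that `grep` adds to each line is harmless if the grep output is fed in directly.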