Subject: Re: looking for things to check for ssh(d).

Posted on 01-27-2003 08:48 p.m. ET

Original Poster: Mark Krentel

W.B wrote:
> >>look in /etc/sysconfig/ipchains
> and delete this file if it exists! ipchains is a HUGE security flaw.

Deleting /etc/sysconfig/ipchains without something else to replace it
would leave the machine with no firewall, a very bad idea. And if you
wanted to turn off ipchains, you should do it with ntsysv, not by
deleting that file.

And on what basis do you claim that ipchains is a security flaw??
Is there something in the ipchains or iptables man pages or on the
iptables home page that says this? Are you bad-mouthing ipchains in
general, or just the default rules? Although I recommend people should
migrate from chains to tables, claiming that ipchains is a security
hole is seriously misguided. I can find no reason to support that

Dave's machine is under control. I did his install, and when we
finished, I left ipchains turned on because I didn't have anything
else to replace it, even though I knew it would block incoming ssh.
I've since sent him some iptables rules.


