ipchains too old?

From: cam (camccuk@yahoo.com)
Date: 06/06/02


From: camccuk@yahoo.com (cam)
Date: 6 Jun 2002 10:20:57 -0700

Hello all,

I am using a RedHat 6.2 machine running a 2.2.19 kernel since we have
to support various legacy packages. The machine is fully up to date
with all the errata rpms. I would now like to put a firewall in place
before we put it onto our VPN for enterprise-wide access. It runs a
CVS server, ApacheJserv, sshd and qmail - most other services have
been disabled apart from some that are required such as rpc. A nessus
scan of the machine now shows only false positives.

I realise that there is probably not a lot more I can do apart from
get a firewall in place and set up snort or some other nids to keep an
eye on it. My question is whether ipchains is still valuable or is it
simply too old to bother with? I have to stick with the 2.2 kernel so
AFAIK iptables is not an option - I'm just concerned that the ipchains
howto is dated 2000 (this might as well be BC in security terms). On
the other hand, running *any* firewall would make me feel safer about
running rpc and would also allow me to expose some samba shares to our
local developers.

I would also be interested in any other comments on this setup.

Cheers,
cam


