[broken record] Still no topic for next GLLUG meeting...

Adam bsdx@looksharp.net
Mon, 24 Jul 2000 16:28:19 -0400 (EDT)


On Mon, 24 Jul 2000, Edward Glowacki wrote:

>On Mon, 24 Jul 2000, Adam wrote:
>> >I haven't been keeping track of FreeBSD development, still running 3.4-RELEASE here at work.  It sounds like cool stuff coming though! =)  Are you going to be at the next meeting Adam?  And would you be interested in doing the FreeBSD install?  =)  For whatever reason, I'm not really excited about doing a FreeBSD install this weekend. =(  
>> 
>> whoa that's a long line you typed
>
>Damn, forgot to word-wrap again. =P  I gotta find a faster, more
>convenient way to wordwrap my email... =P  Right now I have to do
>a whole sequence of commands (8 keypresses plus one per line to be
>formatted) to pass a region of text through "fmt", or manually do
>my own formatting which is a pain in the butt!
>
>> yeah I sure am interested but I'd have to drive 1.5 hours just to get there
>> and I have a family member to take care of who just came out of the
>> hospital today (appendectomy), maybe in a few weeks after school is back
>> in session (homework? what's that! homework doesn't exist until daylight of
>> an exam day!)
>
>Would you like to postpone the FreeBSD install until you are around?  I've
>already done a presentation to the group, and I have enough stuff to do
>other ones, if you wanted to take the FreeBSD one, that would be cool,
>spread the presenting around a bit (so we can have someone other than
>Alan and pfaffben talking all the time... ;) ).  That still leaves
>me firewalls for this weekend if everyone is interested, or we can pull
>something else out of thin air! ;)  

I'd like to do that but I'm not going to stop you if you wanted to =)
Thinking about the firewall stuff, I think a general awareness of what
stuff is good and bad to block (rlogin, pop, imap, telnetd, sshd, ftpd,
portmap (sunrpc), X, etc) would probably fill enough presentation
time if you found a moderate to tight firewall rule set and just explained
what the rules do and why you want them.. specifics on commands are of
course more practically useful but since I don't think most of us are
putting machines in front of bank servers, it's probably more useful to get
a grasp on *what* to firewall and then work on how.  For example, if you
are doing tight rules, blocking all in to your dns server except from port
53 is bad because that lets anyone bypass the firewall by sending packets
from port 53. Likewise, blocking icmp completely is bad because it
prevents router discovery, messages about how or not to fragment packets,
and screws traceroute and ping.

Maybe a simple config would be more suited... :)

Also if we go into commands maybe we should use a stateful firewall that
is supported on most/all the common OS's, ipfilter.  I have not used it
myself but in a heterogeneous server environment I'd look into it because
it would provide a consistent command interface on linux, *bsd, others?

>
>-- 
>Edward Glowacki			glowack2@msu.edu
>Network Services		
>Michigan State University	
>
>
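
An added illustration of the port-53 and ICMP points raised in the message above; it is not code from the thread and not ipfilter syntax. It is a small Python model of a stateless "from port 53" rule beside a stateful one, using constructed documentation-range addresses; the names `Packet`, `StatefulFilter`, `ICMP_KEEP` and the choice of ICMP types are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def stateless_allow_in(pkt):
    # The weak rule from the message: trust any inbound packet "from port 53".
    # The sender picks the source port, so it says nothing about the packet.
    return pkt.proto == "udp" and pkt.sport == 53

class StatefulFilter:
    """Pass inbound packets only as replies to queries this host sent out."""
    def __init__(self):
        self.expected = set()  # reply tuples; a real filter also expires them

    def outbound(self, pkt):
        if pkt.proto == "udp" and pkt.dport == 53:
            # Remember the exact reply (addresses and ports swapped).
            self.expected.add(Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return True
        return False

    def allow_in(self, pkt):
        return pkt in self.expected

# ICMP types that a blanket ICMP block would break (assumed selection).
ICMP_KEEP = {0: "echo reply", 3: "destination unreachable (incl. fragmentation needed)",
             8: "echo request", 9: "router advertisement", 10: "router solicitation",
             11: "time exceeded (traceroute)"}

def icmp_allow_in(icmp_type):
    return icmp_type in ICMP_KEEP

def demo():
    fw = StatefulFilter()
    fw.outbound(Packet("udp", "192.0.2.10", 40000, "198.51.100.53", 53))  # our query
    reply = Packet("udp", "198.51.100.53", 53, "192.0.2.10", 40000)
    stray = Packet("udp", "203.0.113.7", 53, "192.0.2.10", 111)  # unsolicited, to portmap
    # For each packet: (stateless verdict, stateful verdict)
    return {name: (stateless_allow_in(p), fw.allow_in(p))
            for name, p in (("reply", reply), ("stray", stray))}

if __name__ == "__main__":
    print(demo())
```

The stateless rule passes both packets, while the stateful filter passes only the reply to a query it saw leave.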