From: <oli...@fr...> - 2009-06-08 14:08:41
Hello,

I tried to test the new RC1 and I felt a bit dizzy with the normal version and
the server version. It seems that the server version was compiled without
grsec! Any other difference?

As a first approach to testing this new RC1, I tried to migrate from a DL 2.15
(main use as a firewall with only the services Beep, Firewall, Routing, SSHD):
the new RC1 converts the old configuration files, but during the "save-config"
on /dev/fd0 I got a message in a loop: please insert configuration media in
/dev/fd0.

I decided to reconfigure RC1 from scratch. Everything was fine except for a few
details I noticed:

1 - Problem with the new iptables version, which is not allowed to DROP in the
nat table, although the default firewall script uses:
# Prevent NetBIOS and Samba from leaking.
${IPTABLES} -t nat -A PREROUTING -p TCP --dport 135 -j DROP
${IPTABLES} -t nat -A PREROUTING -p UDP --dport 135 -j DROP
${IPTABLES} -t nat -A PREROUTING -p TCP --dport 137:139 -j DROP
${IPTABLES} -t nat -A PREROUTING -p UDP --dport 137:139 -j DROP
${IPTABLES} -t nat -A PREROUTING -p TCP --dport 445 -j DROP
${IPTABLES} -t nat -A PREROUTING -p UDP --dport 445 -j DROP
Starting Firewalliptables v1.4.3.2:
The "nat" table is not intended for filtering, the use of DROP is therefore
inhibited.

2 - Tried to test webmin and noticed another little problem with the module
Webminstats. The Perl script cannot execute because of an error in the @INC path
(the file RRDs.pm is in /usr/lib/perl/5.8.9/i686-linux-thread-multi and not in
/usr/lib/perl5/5.8.9/i686-linux-thread-multi).

3 - As a comparison of both versions, release 2.15 was 23 tasks and more or
less 40000K in memory. The new RC1 is 46 tasks and 85000K in memory with the same
configuration. I was just wondering what can be expected in terms of security
when the main use is a firewall? (This is not a complaint but more a question
that a novice like me could have in mind.)

I hope this e-mail will help such a good project as Devil-linux. Thanks in
advance for your answers, and congratulations on this new release, which seems to
have many more functionalities than the previous one.

Olibouli
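
Added example, not part of the original message and not Devil-Linux's own firewall script: point 1 above fails because iptables v1.4.3.2 refuses DROP in the nat table. The shell function below rewrites such rules either into the filter table's INPUT and FORWARD chains or into mangle PREROUTING; the function names and the DNAT sample line are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: not the Devil-Linux firewall script. Function names are
# hypothetical. Moves "-t nat -A PREROUTING ... -j DROP" rules to a table
# where iptables v1.4.3.2 (the version in the message) still accepts DROP.
#   filter (default): one rule each in the filter table's INPUT and FORWARD
#   mangle:           same PREROUTING hook, which runs before nat PREROUTING
# Note: nat only sees the first packet of a connection; filter and mangle see
# every packet, and filter matches --dport after any DNAT has been applied.
rewrite_nat_drops() {
    awk -v mode="${1:-filter}" '
    !/^[ \t]*#/ && /-t[ \t]+nat[ \t]/ && /-A[ \t]+PREROUTING[ \t]/ && /-j[ \t]+DROP[ \t]*$/ {
        if (mode == "mangle") {
            sub(/-t[ \t]+nat/, "-t mangle")
            print
        } else {
            sub(/-t[ \t]+nat[ \t]+/, "")          # filter is the default table
            rule = $0; sub(/-A[ \t]+PREROUTING/, "-A INPUT", rule);   print rule
            rule = $0; sub(/-A[ \t]+PREROUTING/, "-A FORWARD", rule); print rule
        }
        next
    }
    { print }                                      # all other lines unchanged
    '
}

# Rules quoted in the message, plus one constructed DNAT line (192.0.2.10 is a
# documentation address) to show that real NAT rules are left alone.
sample_rules() {
    cat <<'EOF'
# Prevent NetBIOS and Samba from leaking.
${IPTABLES} -t nat -A PREROUTING -p TCP --dport 135 -j DROP
${IPTABLES} -t nat -A PREROUTING -p UDP --dport 135 -j DROP
${IPTABLES} -t nat -A PREROUTING -p TCP --dport 137:139 -j DROP
${IPTABLES} -t nat -A PREROUTING -p UDP --dport 137:139 -j DROP
${IPTABLES} -t nat -A PREROUTING -p TCP --dport 445 -j DROP
${IPTABLES} -t nat -A PREROUTING -p UDP --dport 445 -j DROP
${IPTABLES} -t nat -A PREROUTING -p TCP --dport 8080 -j DNAT --to-destination 192.0.2.10:80
EOF
}

sample_rules | rewrite_nat_drops "${1:-filter}"
```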