-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi list

Speaking about books (saw a topic about checkbooks...).... how are thing
going along with the "Good book" rewriting?

It has been a while since I have seen it mentioned.

regards

Peter

- --
"I'm willing to sacrifice anything for this cause, even other people's
lives"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/50cCqV1uRRMUN/wRAsEAAJ9W5tE6oKauxsufb1W9M56pPEI5UgCfRNkl
9vgaDxLvZaS43yzXc4MNEFA=
=vjmc
-----END PGP SIGNATURE-----

Bilbo <bilbono@spamnedlinux.nl> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1

pgp trash troll delete

> Hi list

Hi.

> Speaking about books (saw a topic about checkbooks...).... how
> are thing going along with the "Good book" rewriting?

We are looking for somebody to do an objective article on pgp.
Inline pgp is the most frequent violation of usenet netiquette seen
around here. Could you please refrain from using inline pgp in the
future unless you have a good reason to do so?

Thank you.

cordially, as always,

rm

On Mon, 22 Dec 2003 20:33:22 +0100, Bilbo <bilbono@spamnedlinux.nl> wrote:
> Speaking about books (saw a topic about checkbooks...).... how are thing
> going along with the "Good book" rewriting?

I need to find time (or someone) to make sure the ipchains section of
the Security chapter is correct. Other than that, I think it's
finished (the Security chapter, that is).


--
Simon <simon@no-dns-yet.org.uk> **** GPG: F4A23C69
"We demand rigidly defined areas of doubt and uncertainty."
- Douglas Adams

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

On Tue, 23 Dec 2003 02:08:09 +0000, Simon <usenet@no-dns-yet.org.uk> wrote:
> On Mon, 22 Dec 2003 20:33:22 +0100, Bilbo <bilbono@spamnedlinux.nl> wrote:
>> Speaking about books (saw a topic about checkbooks...).... how are thing
>> going along with the "Good book" rewriting?
>
> I need to find time (or someone) to make sure the ipchains section of
> the Security chapter is correct. Other than that, I think it's
> finished (the Security chapter, that is).

Looking at it now...

The first big thing I notice is the iptables -P FORWARD DROP - be wary
running this from an ssh session, as it will *kill* all outbound traffic
dead. Very dead. Even existing connections.

I also notice you allow 127.0.0.0/8 to talk to itself... do things
really use other than 127.0.0.1?

Ooops, you were talking ipchains... I don't play ipchains. :-\

Sorry... should take this to the list, I think I'm still on it...

--
Rob | If not safe,
Email and Jabber: | one can never be free.
athlonrob at axpr dot net |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/57mvhm6KEoOOAe0RAgptAKDE4qzZH36VvHNzRjMZO+bA2EOZ7A CghHxi
1Om4Nv0M1TDFK7kmuHbJVgc=
=hX39
-----END PGP SIGNATURE-----

On Mon, 22 Dec 2003 19:42:39 -0800, AthlonRob <junkmail@axpr.net> wrote:
> The first big thing I notice is the iptables -P FORWARD DROP - be wary
> running this from an ssh session, as it will *kill* all outbound traffic
> dead. Very dead. Even existing connections.

Ah yes, that's true. I'll add some sort of warning about that in
there (i.e don't apply default policies until after you've added
exceptions). I find it strange that you quoted the FORWARD line,
though; I'd have thought that the INPUT policy would affect SSH
sessions more (unless they're being NATed in some way).

> I also notice you allow 127.0.0.0/8 to talk to itself... do things
> really use other than 127.0.0.1?

I haven't seen anything use an address other than 127.0.0.1, but all
are classed as loopback and all are routed over the lo interface, so I
use that rule just in case.

> Ooops, you were talking ipchains... I don't play ipchains. :-\

No problem. Any kind of feedback is appreciated. Thanks.


--
Simon <simon@no-dns-yet.org.uk> **** GPG: F4A23C69
"We demand rigidly defined areas of doubt and uncertainty."
- Douglas Adams

AthlonRob <junkmail@axpr.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> NotDashEscaped: You need GnuPG to verify this message

pgp trash troll delete

> Looking at it now...

> The first big thing I notice is the iptables -P FORWARD DROP - be
> wary running this from an ssh session, as it will *kill* all
> outbound traffic dead. Very dead. Even existing connections.

I think the problem is the unwarranted use of pgp. This posting
uses pgp inline which violates standard usenet netiquette. You are
asked to refrain from using pgp inline in future postings.

Please show some respect for the other posters in the group.

Thank you.

cordially, as always,

rm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

On Tue, 23 Dec 2003 04:13:42 +0000, Simon <usenet@no-dns-yet.org.uk> wrote:
> Ah yes, that's true. I'll add some sort of warning about that in
> there (i.e don't apply default policies until after you've added
> exceptions). I find it strange that you quoted the FORWARD line,
> though; I'd have thought that the INPUT policy would affect SSH
> sessions more (unless they're being NATed in some way).

Hmm.. you're right. Full story is I was switching from one firewall
script to another. First firewall script defaulted INPUT, FORWARD, and
OUTPUT to drop, new firewall scropt only played with two of those,
leaving the last one at drop, but with all its chains cleared.

I thought it was forward I had to fix, maybe it wasn't? Ahh... looking
at the original version of the firewall script I fixed for what I needed
(was TNG, now it's DS9), it was OUTPUT that didn't have a default policy
set, so the first firewall's policy stayed in effect. IIRC your chapter
doesn't mention OUTPUT.

Ah well. :-)

--
Rob | If not safe,
Email and Jabber: | one can never be free.
athlonrob at axpr dot net |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/59w+hm6KEoOOAe0RAjPZAKCgcWylpnhpTliBxLbevVVS8MSRlA CgmZ5l
bsFPC8ssZy3q2ZjUpupaz5U=
=TVQX
-----END PGP SIGNATURE-----

AthlonRob <junkmail@axpr.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> NotDashEscaped: You need GnuPG to verify this message

pgp trash troll delete

> Hmm.. you're right. Full story is I was switching from one
> firewall script to another. First firewall script defaulted
> INPUT, FORWARD, and OUTPUT to drop, new firewall scropt only
> played with two of those, leaving the last one at drop, but with
> all its chains cleared.

Does pgp interfere with the firewall? If so, the solution is
simple, especially since inline pgp violates usenet convention, not
to mention this ng's policy.

Could you please refrain from using inline pgp unless it is
absolutely necessary? Please show some respect for the other
posters.

Thank you.

cordially, as always,

rm

In alt.os.linux.slackware, Bilbo dared to utter,
> Speaking about books (saw a topic about checkbooks...).... how are thing
> going along with the "Good book" rewriting?

It's coming ever so slowly. Updates roll in very infrequently. Frankly,
I've been swamped of late with school and work to the point that I
haven't worked much on it, and haven't been cracking the whip at other
people because of it. I'd feel guilty telling other people to move
their asses while mine stays firmly seated. :^(

I've got two chapters outstanding, and clean-up that needs to be done
in the others. Now that kernel 2.6 has been released, we need to add
instructions for building and instaling kernels of this version.

I could use a hand explaining JFS and XFS if anyone's interested, since
I haven't used either of these file systems.

Does anyone think we should split the chapter on file systems in two?
Do one chapter on local filesystems (reiserfs, ext2/3, etc.) and one on
network filesystems (Samba, NFS)? I think NIS also deserves to be
touched on somewhere, though I am underqualified to speak on it as
well.

--
It is better to hear the rebuke of the wise,
Than for a man to hear the song of fools.
Ecclesiastes 7:5

On 23 Dec 2003 11:34:32 -0600, Alan Hicks
<1001298936@ettin.custom-consulting.com> wrote:
> Does anyone think we should split the chapter on file systems in two?
> Do one chapter on local filesystems (reiserfs, ext2/3, etc.) and one on
> network filesystems (Samba, NFS)?

I think that's a good idea. Maybe the network file systems should be
covered in the 'Network Configuration' section?


--
Simon <simon@no-dns-yet.org.uk> **** GPG: F4A23C69
"We demand rigidly defined areas of doubt and uncertainty."
- Douglas Adams