Shorewall users - Sep 2003 - Has anyone used Shorewall with Trustix 2.0?

Has anyone used Shorewall with Trustix 2.0?

On Tue, 2003-09-23 at 16:02, Randy Millis wrote:
> Has anyone used Shorewall with Trustix 2.0?
I hope you aren''t expecting all 700 subscribers to answer
"no" before
you stop repeating your question.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Sorry I did not see the first post make it to the list or see it in the
archives. :-(

----- Original Message ----- 
From: "Tom Eastep" <teastep@shorewall.net>
To: "Shorewall Users Mailing List"
<shorewall-users@lists.shorewall.net>
Sent: Tuesday, September 23, 2003 5:49 PM
Subject: Re: [Shorewall-users] Has anyone used Shorewall with Trustix 2.0?

> On Tue, 2003-09-23 at 16:02, Randy Millis wrote:
> > Has anyone used Shorewall with Trustix 2.0?
>
> I hope you aren''t expecting all 700 subscribers to answer
"no" before
> you stop repeating your question.
>
> -Tom
> -- 
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
>
>
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe:
https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
>

We are using shorewall with trustix 2.0 on our production firewall.
Everything is working fine, do yuou have any particular question on the
topic ?

cheers
mizzio

Il mer, 2003-09-24 alle 05:19, Randy Millis ha scritto:
> Sorry I did not see the first post make it to the list or see it in the
> archives. :-(
> 
> ----- Original Message ----- 
> From: "Tom Eastep" <teastep@shorewall.net>
> To: "Shorewall Users Mailing List"
<shorewall-users@lists.shorewall.net>
> Sent: Tuesday, September 23, 2003 5:49 PM
> Subject: Re: [Shorewall-users] Has anyone used Shorewall with Trustix 2.0?
> 
> 
> > On Tue, 2003-09-23 at 16:02, Randy Millis wrote:
> > > Has anyone used Shorewall with Trustix 2.0?
> >
> > I hope you aren''t expecting all 700 subscribers to answer
"no" before
> > you stop repeating your question.
> >
> > -Tom
> > -- 
> > Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> > Shoreline,     \ http://shorewall.net
> > Washington USA  \ teastep@shorewall.net
> >
> >
> > _______________________________________________
> > Shorewall-users mailing list
> > Post: Shorewall-users@lists.shorewall.net
> > Subscribe/Unsubscribe:
> https://lists.shorewall.net/mailman/listinfo/shorewall-users
> > Support: http://www.shorewall.net/support.htm
> > FAQ: http://www.shorewall.net/FAQ.htm
> >
> 
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe:
https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
-- 
mizzio <mizzio@sinapto.net>

On Thu, 2003-09-25 at 02:54, mizzio wrote:
> We are using shorewall with trustix 2.0 on our production firewall.
> Everything is working fine, do yuou have any particular question on the
> topic ?
Thanks Mizzio,

Did you install using the RPM or the tarball?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

We are using the rpm, which is working perfectly.
Just be careful when you upgrade the package using rpm -Uvh, since it
will create the new configuration file with an .rpmnew extension and you
will have to go through them manually.

cheers
mizzio


Il gio, 2003-09-25 alle 16:04, Tom Eastep ha scritto:
> On Thu, 2003-09-25 at 02:54, mizzio wrote:
> > We are using shorewall with trustix 2.0 on our production firewall.
> > Everything is working fine, do yuou have any particular question on
the
> > topic ?
> 
> Thanks Mizzio,
> 
> Did you install using the RPM or the tarball?
> 
> -Tom
-- 
mizzio <mizzio@sinapto.net>

> We are using shorewall with trustix 2.0 on our production firewall.
> Everything is working fine, do yuou have any particular question on
> the topic ?
Thanks for the reply. I appreciate it.

In addition to Tom''s question on if you used the rpm or tarball, I
wondered if you used the regular TSL kernel or the TSL firewall kernel,
and what sort of trustix 2.0 install you did? e.g. Firewall, minimum +
ssh?
>> > > Has anyone used Shorewall with Trustix 2.0?

On Thu, 2003-09-25 at 08:25, mizzio wrote:
> We are using the rpm, which is working perfectly.
> Just be careful when you upgrade the package using rpm -Uvh, since it
> will create the new configuration file with an .rpmnew extension and you
> will have to go through them manually.
A general note to RPM users (not just those using Trustix):

It is *not* necessary to manually update your configuration files as
described above (although you can do so if you wish). Unless it is
otherwise documented in the "Migration Issues", Shorewall releases are
always upward compatible with existing configuration files and I try to
only introduce such incompatibilities at major releases (next will be
1.5 or 2.0). The advantage of updating your config files is that the
documentation embedded in the files is always up to date that way.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

I used to compile the kernel by myslef, but trustix fw kernel is really
suitable for a good firewall, plus you get quick patched and compiled
kernel, extremely easy to install.
Minimum install + ssh is ok, but if you have to recompile a single
package you''ll need to install at least compiler, libraries, etc.
you can always do that later with the tool "swup" that comes with
trustix.

hope it helps,
mizzio

Il gio, 2003-09-25 alle 17:42, rmillisl@mailhost.isa-geek.net ha
scritto:
> > We are using shorewall with trustix 2.0 on our production firewall.
> > Everything is working fine, do yuou have any particular question on
> > the topic ?
> 
> Thanks for the reply. I appreciate it.
> 
> In addition to Tom''s question on if you used the rpm or tarball, I
> wondered if you used the regular TSL kernel or the TSL firewall kernel,
> and what sort of trustix 2.0 install you did? e.g. Firewall, minimum +
> ssh?
> 
> >> > > Has anyone used Shorewall with Trustix 2.0?
> 
-- 
mizzio <mizzio@sinapto.net>

Tom you are definitely right.
but I would anyway suggest to go through the files manually, and not
just relay on upward compatibily, even if I can guarantee it''s a
__really__  nice feature of shorewall.

cheers
mizzio

Il gio, 2003-09-25 alle 18:18, Tom Eastep ha scritto:
> On Thu, 2003-09-25 at 08:25, mizzio wrote:
> > We are using the rpm, which is working perfectly.
> > Just be careful when you upgrade the package using rpm -Uvh, since it
> > will create the new configuration file with an .rpmnew extension and
you
> > will have to go through them manually.
> 
> A general note to RPM users (not just those using Trustix):
> 
> It is *not* necessary to manually update your configuration files as
> described above (although you can do so if you wish). Unless it is
> otherwise documented in the "Migration Issues", Shorewall
releases are
> always upward compatible with existing configuration files and I try to
> only introduce such incompatibilities at major releases (next will be
> 1.5 or 2.0). The advantage of updating your config files is that the
> documentation embedded in the files is always up to date that way.
> 
> -Tom
-- 
mizzio <mizzio@sinapto.net>

On Thu, 2003-09-25 at 09:38, mizzio wrote:
> Tom you are definitely right.
> but I would anyway suggest to go through the files manually, and not
> just relay on upward compatibily, even if I can guarantee it''s a
> __really__  nice feature of shorewall.
A couple of points:

a) Sometimes I will add a new configuration parameter to shorewall.conf
with an initialized value that is different from the default value. This
is done so that new users get the initialized value as a default while
existing users that don''t specify any value for the parameter get the
default value. As a consequence, users should read the release notes
carefully before copying the entry for such new parameters from
shorewall.conf.rpmnew to shorewall.conf because doing so could
drastically change the behavior of the firewall. As an example, in 1.4.7
the ADMINISABSENTMINDED parameter will work that way.

b) I almost never update my /etc/shorewall files and I use the RPM so
I''m pretty comfortable that upgrading that way works :-) 

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Well Tom,
thank you one more time for your time and your great work !
mizzio

Il gio, 2003-09-25 alle 19:02, Tom Eastep ha scritto:
> On Thu, 2003-09-25 at 09:38, mizzio wrote:
> > Tom you are definitely right.
> > but I would anyway suggest to go through the files manually, and not
> > just relay on upward compatibily, even if I can guarantee
it''s a
> > __really__  nice feature of shorewall.
> 
> A couple of points:
> 
> a) Sometimes I will add a new configuration parameter to shorewall.conf
> with an initialized value that is different from the default value. This
> is done so that new users get the initialized value as a default while
> existing users that don''t specify any value for the parameter get
the
> default value. As a consequence, users should read the release notes
> carefully before copying the entry for such new parameters from
> shorewall.conf.rpmnew to shorewall.conf because doing so could
> drastically change the behavior of the firewall. As an example, in 1.4.7
> the ADMINISABSENTMINDED parameter will work that way.
> 
> b) I almost never update my /etc/shorewall files and I use the RPM so
> I''m pretty comfortable that upgrading that way works :-) 
> 
> -Tom
-- 
mizzio <mizzio@sinapto.net>