Ive been using Shorewall for my small business LAN for about 1.5 years now. I haven''t upgraded in that time as.. well.. everything has worked just fine (AFAIK). I read the postings to this list and see that a major version release is now available. It makes me wonder whether I should rev my installation. Suggestions? Am I kidding myself in believing that Im secure with my (now) dated installation? Ok. (he says while strapping on his flame retardent suit).. Im ready.. bring it on.. tell me what a moron I am.
You are probably just fine with your current configuration, if it was set up correctly. - Bob Coffman -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net]On Behalf Of jon yeargers Sent: Wednesday, March 24, 2004 4:13 PM To: shorewall-users@lists.shorewall.net Subject: [Shorewall-users] To upgrade? Ive been using Shorewall for my small business LAN for about 1.5 years now. I haven''t upgraded in that time as.. well.. everything has worked just fine (AFAIK). I read the postings to this list and see that a major version release is now available. It makes me wonder whether I should rev my installation. Suggestions? Am I kidding myself in believing that Im secure with my (now) dated installation? Ok. (he says while strapping on his flame retardent suit).. Im ready.. bring it on.. tell me what a moron I am. _______________________________________________ Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm
On Wed, 2004-03-24 at 13:13 -0800, jon yeargers wrote:> Ive been using Shorewall for my small business LAN for about 1.5 years > now. I haven''t upgraded in that time as.. well.. everything has worked > just fine (AFAIK). I read the postings to this list and see that a major > version release is now available. It makes me wonder whether I should > rev my installation. > > > Suggestions? Am I kidding myself in believing that Im secure with my > (now) dated installation? > > Ok. (he says while strapping on his flame retardent suit).. Im ready.. > bring it on.. tell me what a moron I am.I really don''t think much if anything has changed in Shorewall itself that would have an impact on your security. The changes have been much more additional features and tweaks on existing things. The more pressing issue would be if you have kept your kernel and iptables up to date. That is where your exposure to vulnerabilities would lie. -- David T Hollis <dhollis@davehollis.com>
David T Hollis wrote:> On Wed, 2004-03-24 at 13:13 -0800, jon yeargers wrote:> > I really don''t think much if anything has changed in Shorewall itself > that would have an impact on your security. The changes have been much > more additional features and tweaks on existing things. The more > pressing issue would be if you have kept your kernel and iptables up to > date. That is where your exposure to vulnerabilities would lie. >There has only been one improvement recently that had a material impact on security. The ''routefilter'' option was essentially non-functional prior to Version 1.4.8. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net