Re: Must Have apps for the next BDI

[John Sheahan <jrsheahan-at-optushome.com.au>]

On Mon, May 19, 2003 at 12:11:36AM -0400, Mike Joyce wrote:
> 
> opera (Netscape and other gecko clients = slow)
 
 is opera redistributable?  
 (MozillaFirebird is my current favourite)

> 
> I think that adding a firewall would be a great idea, I personally
> prefer ipfw, if you want I can throw together a simple firewall rule
> that would be suited for home use (blocking 135-139 and telnet etc).
> 
> I would also suggest, if we start enabling services that we chroot
> and/or jail them. There are a lot of people who just scan the net
> looking for default redhat installs that are running outdated ssh, or
> wuftpd or something. Even if we release code that is known secure, there
> are a lot of undocumented sploits floating around out there, that the
> normal home user isn't ready to handle.

I assume the box running the mill is not the primary firewall for the
site. Given that, I'd wonder if the reduced connectivity to other local
machines is worth the benefit of a firewall on that box.

Your comments are very appropriate for a box live on the net - but 
might be overkill for a small network either not net connected or connected
through another box that masquerades and proxies.   How do most people use
emc?

Also I thought ipfw was a *bsd specific tool?  I use iptables 
for a 2.4 kernel. ipchains for older ones. 

john