| 1 |
http://slave-network.org/firewall.txt |
| 2 |
|
| 3 |
On 5/3/07, 7v5w7go9ub0o <7v5w7go9ub0o@×××××.com> wrote: |
| 4 |
> |
| 5 |
> Thanks again for the quick reply! It'll be interesting to compare |
| 6 |
> configs. I have begun the "boolean reduction compilation" process: |
| 7 |
> deactivating half of the grsec/pax stuff; testing; reactivating that |
| 8 |
> half and deactivating the remaining half; etc. :-( |
| 9 |
> |
| 10 |
> Also looking at 2.6.21 ...... |
| 11 |
> |
| 12 |
> Could you also attach your iptables rules? I presume you're doing a |
| 13 |
> pretty straight forward FW (e.g. allow outgoing; drop or block |
| 14 |
> incoming; check for tcp flags; log martians; etc.) |
| 15 |
> |
| 16 |
> |
| 17 |
> On 5/2/07, Caleb Cushing <xenoterracide@×××××.com > wrote: |
| 18 |
> > |
| 19 |
> > I've attached the config, and I haven't noticed any issues with slowness |
| 20 |
> > I'm running 2.6.20 on 3 boxes, but not hardened. so it could be a |
| 21 |
> > hardened patch. I just know iptables had major changes. |
| 22 |
> > |
| 23 |
> > On 5/2/07, 7v5w7go9ub0o <7v5w7go9ub0o@×××××.com> wrote: |
| 24 |
> > > |
| 25 |
> > > Thank You!! for the quick response. |
| 26 |
> > > |
| 27 |
> > > Yes.... please do let me see your config file. I've been thinking of |
| 28 |
> > > doing this for a while, and now is a good time. |
| 29 |
> > > |
| 30 |
> > > Are you running 2.6.20x? If yes, is it as responsive as '18x ? |
| 31 |
> > > |
| 32 |
> > > TIA |
| 33 |
> > > |
| 34 |
> > > On 5/1/07, Caleb Cushing < xenoterracide@×××××.com> wrote: |
| 35 |
> > > > |
| 36 |
> > > > don't know about being slow but iptables had major changes in |
| 37 |
> > > > 2.6.20.x so you probably will have to go through those manually. I |
| 38 |
> > > > can give you my config for iptables if you need help getting it working. |
| 39 |
> > > > |
| 40 |
> > > > On 5/1/07, 7v5w7go9ub0o <7v5w7go9ub0o@×××××.com> wrote: |
| 41 |
> > > > > |
| 42 |
> > > > > Just installed 2.6.20-r2, and find it particularly slow - slow to |
| 43 |
> > > > > boot, slow to operate (high cpu), while 2.6.18-r6 is quick, with |
| 44 |
> > > > > low cpu useage. |
| 45 |
> > > > > |
| 46 |
> > > > > Any ideas, please? (e.g. there was a configuration option a few |
| 47 |
> > > > > releases ago that snuck in and slowed things down; I've forgotten which it |
| 48 |
> > > > > was :-( ) |
| 49 |
> > > > > |
| 50 |
> > > > > (Same kernel configurations; had to update udev from 104-r12 to |
| 51 |
> > > > > 109-r1 to keep from crashing during the boot process; replaced firehol with |
| 52 |
> > > > > shorewall 3.4.2, which works on 2.6.18-r6 just fine, but fails on |
| 53 |
> > > > > 2.6.20-r2 . Did not upgrade gradm, as it's likely I'll stay with |
| 54 |
> > > > > '18) |
| 55 |
> > > > > |
| 56 |
> > > > > TIA |
| 57 |
> > > > > |
| 58 |
> > > > |
| 59 |
> > > > |
| 60 |
> > > > |
| 61 |
> > > > -- |
| 62 |
> > > > Caleb Cushing |
| 63 |
> > > |
| 64 |
> > > |
| 65 |
> > > |
| 66 |
> > |
| 67 |
> > |
| 68 |
> > -- |
| 69 |
> > Caleb Cushing |
| 70 |
> > |
| 71 |
> |
| 72 |
> |
| 73 |
|
| 74 |
|
| 75 |
-- |
| 76 |
Caleb Cushing |
Archives