Pantek Library

Re: Firewall with woody

From: Simon Valiquette <v.simon(at)ieee.org>
Date: Wed Oct 17 2007 - 15:04:03 EDT


Jorge Escudero once wrote:
> I have the firewall with Woody and I have never had any security problem.
> Is it risky to keep using this version?

   For a firewall, you need to at least upgrade the kernel and patch + recompile ssh and libssl. More library updates are also needed if you also care about local exploits. You also need to know what you are doing, because otherwise you could experience some problems.

   For example, if you are doing traffic shaping with /sbin/tc, you will need to patch iptables because of changes in kernel 2.4.20 (which means you need to read the kernel changelog beforehand).

   You need to have a really good reason for not upgrading, and if you need to ask, then you probably don't have such a reason.

   There are a few production servers I still maintain with Woody and the latest 2.4 kernels with special patches. But it means I need to follow bugtraq and other mailing lists, sometimes hand-patch some programs or libraries, and understand what I am doing. And I get money for spending time maintaining those systems.

   That said, I won't run a Woody firewall unless I am forced to. If the problem is the frequent 2.6 kernel updates, then Sarge also supports the 2.4 kernel and could win you a few months, but I doubt it is worth it in your case.

> Do I have to upgrade the version any time a new one is released?

   You could decide to upgrade to Sarge, and wait until Lenny is out to upgrade to Etch and so on, but Etch is much better than Sarge in my opinion and I would go directly there. If you are paranoid, you will also want to activate SELinux.


Simon Valiquette

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Received on Wed Oct 17 15:05:05 2007

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:54:13 EDT

