
Re: Portsentry and iptables



On Friday 28 September 2001 03:58 pm, Bill Johnson wrote:
> I am running RH 7.1, and have iptables running via Firestarter.   I
> also have Portsentry running.  Is there any reason why I need
> Portsentry?  I ask because it is eating a huge percentage of CPU, and
> spewing out tons of messages.  With iptables in place, is it giving
> me any extra protection or is it just redundant?
>
> Thanks in advance for any advice.

I keep portsentry around as part of a 'defense in depth' strategy. If 
there is a hole in the firewall, portsentry may be able to catch it.

In my case, it uses next to 0 resources, and never generates messages.
(Other than start up and shut down messages)
The firewall is catching anything that would trigger portsentry. 

14009 root       9   0    72    4     4 S     0.0  0.0   0:00 portsentry
14013 root       9   0    76    4     4 S     0.0  0.0   0:00 portsentry

What kind of messages are you seeing? If portsentry is seeing traffic, 
it's probably because your firewall is allowing it through. This is a 
perfect example of why using both might not be a bad idea.

Hope that helps,

-D

-- 

pgp key:  http://www.tuxfan.homeip.net:8080/pgpkey.txt
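An added example, not part of the thread: D's point is that every message portsentry emits names a port the packet filter let through, so the log is a worklist of firewall rules to review. This script groups PortSentry "attackalert" syslog lines by protocol and port; the log format and the sample lines are assumed/constructed, not taken from the original poster's system.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog excerpt. The "attackalert: Connect from host:" format
# is assumed from typical PortSentry 1.x output; the hosts and ports are made up.
SAMPLE_LOG = """\
Sep 28 15:58:01 gw portsentry[14009]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to TCP port: 23
Sep 28 15:58:02 gw portsentry[14009]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to TCP port: 111
Sep 28 15:58:05 gw portsentry[14009]: attackalert: Connect from host: 198.51.100.7/198.51.100.7 to TCP port: 23
Sep 28 15:58:06 gw portsentry[14013]: attackalert: Connect from host: 198.51.100.7/198.51.100.7 to UDP port: 161
Sep 28 15:59:00 gw portsentry[14009]: attackalert: Host: 192.0.2.10/192.0.2.10 is already blocked Ignoring
Sep 28 16:00:00 gw kernel: some unrelated line
"""

ATTACK_RE = re.compile(
    r"portsentry\[\d+\]: attackalert: Connect from host: (?P<name>\S+)/(?P<ip>\S+) "
    r"to (?P<proto>TCP|UDP) port: (?P<port>\d+)"
)


def parse_attackalerts(text):
    """Return (ip, proto, port) for each connect alert; non-matching lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = ATTACK_RE.search(line)
        if m:
            hits.append((m.group("ip"), m.group("proto"), int(m.group("port"))))
    return hits


def ports_reaching_portsentry(text):
    """Count alerts per (proto, port). Each key is a port the firewall did not drop,
    i.e. a rule to check in the iptables policy."""
    return Counter((proto, port) for _, proto, port in parse_attackalerts(text))


def sources_per_port(text):
    """Map (proto, port) to the set of source addresses that reached it."""
    out = defaultdict(set)
    for ip, proto, port in parse_attackalerts(text):
        out[(proto, port)].add(ip)
    return dict(out)


if __name__ == "__main__":
    srcs = sources_per_port(SAMPLE_LOG)
    for (proto, port), n in ports_reaching_portsentry(SAMPLE_LOG).most_common():
        print(f"{proto}/{port}: {n} alert(s) from {sorted(srcs[(proto, port)])}")
```

Feed it the real syslog file instead of SAMPLE_LOG; a port that keeps appearing is either one the firewall intentionally permits (then portsentry is redundant there) or a gap in the ruleset.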





