Action:
Turn off all ip_masq modules for extra security.
In view of the weakness discovered in the ip_masq code, for highly secure installations
you may want to disable all the ip_masq modules and functions:
log in as root,
type q to drop to the command prompt,
type lrcfg to launch the configuration menu,
type 3 to select "Package"
select "modules"
select "modules" again
delete all the lines with ip_masq
Ctrl-S and Enter to save
Ctrl-C
q twice to back out to main configuration menu
Choose b for back-up
Choose "modules"
q twice to back out to command prompt
reboot
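A check to run after the reboot, added here as an example and not part of the original instructions: it reports any ip_masq module that is still listed for loading at boot or is still loaded. The paths /etc/modules and /proc/modules, the function names and the sample data are assumptions, not taken from this page.

```shell
#!/bin/sh
# Added example: check that no ip_masq helper module is configured or loaded.
# Assumptions (not from the page): boot-time module list at /etc/modules,
# loaded modules listed in /proc/modules with the name in the first field.

# Active (uncommented) lines of a module list that name an ip_masq module.
masq_in_list() {
    grep -E '^[[:space:]]*ip_masq' "$1"
}

# ip_masq module names in a /proc/modules-style listing.
masq_loaded() {
    awk '$1 ~ /^ip_masq/ { print $1 }' "$1"
}

# Returns 0 if clean, 1 if any ip_masq module remains, 2 if a file is unreadable.
audit_masq() {
    list=${1:-/etc/modules}
    loaded=${2:-/proc/modules}
    [ -r "$list" ] && [ -r "$loaded" ] || { echo "cannot read $list or $loaded" >&2; return 2; }
    status=0
    if found=$(masq_in_list "$list"); then
        printf 'still in %s:\n%s\n' "$list" "$found"
        status=1
    fi
    found=$(masq_loaded "$loaded")
    if [ -n "$found" ]; then
        printf 'still loaded:\n%s\n' "$found"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "no ip_masq modules configured or loaded"
    return "$status"
}

# Constructed sample data: a module list where one helper line was missed,
# and a loaded-module listing taken before the reboot.
demo_dir=$(mktemp -d)
printf '%s\n' 'ne' '#ip_masq_irc' 'ip_masq_ftp' > "$demo_dir/modules"
printf '%s\n' 'ip_masq_ftp 2448 0' 'ne 6732 1' > "$demo_dir/proc_modules"
audit_masq "$demo_dir/modules" "$demo_dir/proc_modules" || echo "audit status: $?"
```

On the router itself, call audit_masq with no arguments to use the default paths.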
The disadvantages of turning off all the ip_masq_xxx code are:
Some users in the internal network will be unhappy because they cannot do ftp (active mode). In that case, you have to adjust their ftp client software to use PASSIVE mode, so they can use ftp.
Some users will be unhappy because they cannot use ftp URLs in their browsers. An ftp URL in a web browser uses active mode, which is now disabled. There is no cure.
Some users will be unhappy because they cannot do Net-meeting, ICQ, cuseeme, IRC, quake, real audio, etc. from the internal network.
It is a balancing act: you have to decide between unhappy users and leaving some
security risks. Tough choice! Who said it is perfect?