RCF has a test mode. Because the normal comments are piped to standard output, and the commands are piped to standard error, the output is best viewed when RCF is invoked as follows:

For more info, or manual install, please refer to the installation notes. RedHat (RPM) rpm -U rcf-noarch-[version].rpm If you changed one or more of the security levels, you'll need to run RCF with the --update-config parameter, some items will appear, others disappear.

This will log all output on level user.info. Make sure you have a rule in /etc/syslog.conf to do something with that level. (On my system it will by default be logged to /var/log/messages). If your not comfortable with that level, use the '-p' flag to specify the desired level. If you use SysV startup scripts (e.g. /etc/rc.d/rc3.d/S12firewall) screen output is logged automatically when you change runlevels.

Join the 'developers' mailing list, and contribute your additions there or consider becoming an official RCF developer.

The latest stable version will be available at the homepage and at Freshmeat. If you feel the need to have the latest version, for development, or because you need the state-of-the-art, you can download the development version at: http://rcf.mvlan.net/dist/dev/

You should first do an uninstall of rc.firewall before installing RCF. To prevent the loss of your config file, use the following commands: cp /etc/firewall.conf /etc/firewall.conf.old ; rpm -e rc.firewall ; cp /etc/firewall.conf.old /etc/firewall.conf ; rpm -i rcf-[version].noarch.rpm

Use the --[accept|deny|forward]-[int]-[serv]-[hosts|servers|clients|ports|rhostlports] {host|ip|subnet} {...} switch. Adds a temporary entry to a configuration option; Useful when you want to open-up a service "on the fly". These settings will be lost the next time the firewall is executed.

RCF doesn't support iptables yet. Not to worry, ipchains will be supported for quite some time in the 2.4 kernels. (Refer to netfilter.filewatcher.org/unreliable-guides/packet-filtering-HOWTO/index.html) RCF will be ported to iptables eventually, but since defining a firewall with iptables is a far more complex matter than with ipchains, don't expect a reliable version (of any firewall for that matter) to come out soon. To use RCF with a 2.4 kernel you need to compile support for ipchains.

No. Given the speed of computers nowadays, you shouldn't experience any performance loss, not even on an old 486. If you experience delays, it's possible due to a parallel protocol which has to time out, such as an ident lookup with smtp. You may need enable/add support for the component which can't connect if you feel like it.

You can't. Private traffic is just what it says it is: private. It must not be allowed on the public Internet, since there's no way a packet sent to a private IP will ever arrive. It just pollutes the net. You should buy yourself a second ethernet card.

The router should (of course) make use of ACLs to control DMZ->MZ traffic. Typically, databases would be located on the MZ. Let's not forget, the 'standard' definition of a DMZ is a network with servers offering their services on the Internet. MZ servers should not communicate directly with the Internet, but only with DMZ servers in a very restricted fashion. Using RCF, you have to keep your public IPs on the firewall, so you can't really load balance with RCF.

Setting up a Virtual Private Network is not an every day job, but if you follow these steps correctly, it should be a piece of cake. I'm assuming your external (VPN) interface will be eth0, but your situation may be different. Use the name of your VPN interface where I say [int] or eth0. Your ISP will give you an IP to use for your VPN connection. You'll of course need separate VPN software, such as Free S/WAN, vpnd or PPTP. It needs to be configured properly, and running.

Some users expressed the need for a tailored script, which improves execution speed. To create such a script, invoke RCF as follows: Mind you, the new shell script will not reflect any changes in the config file. You'll need to create a new one each time you upgrade RCF, add or remove interfaces or change something in your configuration file.

This is due to the fact that you forgot to enable support for a part of the particular protocol you experience problems with. This is similar to the previous question.

It's very unfortunate if you're locked out due to a misconfiguration when you don't have physical access to the box. Invoke RCF like this: The 'sleep 300' will enable you to test this config for 5 minutes (300 secs). If it doesn't work after this period, rcf will open up the box entirely. You'll be able to login thereafter.

Why does the Haematology QAP only provide WCC, Hb and Platelet count for the Morphology cases? Real laboratory situation is all FBC parameters.

The two Authorities (Building Regulations and CORGI) who make judgements on what is, and what is not legal, differ slightly in their views. So quite simply we cannot give you a definitive answer. You must check with the CORGI registered installer who will fit your Fireplace. Hearths used to be mandatory when coal was burned because a spillage could cause a serious fire. Gas units are less likely to cause this problem but the Law correctly intends to protect the young, elderly or infirm.