Template: netbase/upgrade-note/radius-ports-pre-3.05 Type: note Description: Important hint for users of radius software The official port numbers of the radius service have been changed from 1645 and 1646 to 1812 and 1813. If you use the radius service please make sure that the client and server software both use the same port numbers. Template: netbase/upgrade-note/portmap-restart-pre-3.11-2 Type: note Description: The old portmapper is still running. The old portmapper is still running. This will cause problems, mainly that "/etc/init.d/portmap stop" won't actually do anything. To fix this, I'm going to try to forcibly stop portmap, and then restart it. Template: netbase/upgrade-note/init.d-split-pre-3.16-1 Type: note Description: /etc/init.d/netbase has been split. /etc/init.d/netbase is no longer required or used. . /etc/init.d/portmap now handles stopping and starting the portmapper, /etc/init.d/inetd handles stopping and starting inetd, and /etc/init.d/networking handles spoof protection. Template: netbase/upgrade-note/etc-network-interfaces-pre-3.17-1 Type: note Description: /etc/init.d/network superceded by /etc/network/interfaces /etc/init.d/network is no longer directly supported. You may, of course, continue using it to setup your networking, however new Debian installs will use the ifup/ifdown commands to configure network interfaces based on the settings in /etc/network/interfaces. . If you do convert to using /etc/network/interfaces in place of /etc/init.d/network you will probably want to remove /etc/init.d/network and the /etc/rcS.d/S40network symlink. These will not be touched by netbase or other Debian packages in future. . Note that the old default /etc/init.d/network used to add a route for the loopback interface. This is no longer necessary for 2.2.x series kernels, and will result in a (non-fatal) SIOCADDRT error message at bootup. Template: netbase/inetd-dos-services Type: boolean Default: true Description: Disable chargen, echo, daytime/udp, time/udp services? The `chargen', `echo', `daytime/udp' and/or `time/udp' internal services can be used for denial-of-service attacks and should therefore be disabled. For further information please check the CERT advisory CA-96.01 (ftp://info.cert.org/pub/cert_advisories/CA-96.01.*) . You should also check your /etc/inetd.conf and disable all unused services (especially UDP services). Template: netbase/ipfwadm-wrapper Type: boolean Default: true Description: Should ipfwadm be set to an ipchains compatible wrapper? Linux 2.2 no longer supports the ipfwadm command, and instead requires the use of the much more flexible ipchains command. In order to ease the transition, the ipchains author has made available an ipfwadm wrapper program, which will work under both Linux 2.2 and Linux 2.0, in most situations. This question gives you the choice having the /sbin/ipfwadm command refer to this wrapper (recommended, and the default), or the original ipfwadm command. . If you have already converted your system to use ipchains, just choose the default option. Template: netbase/ipv6-hosts Type: boolean Default: true Description: Would you like IPv6 addresses added to /etc/hosts? Sooner or later, Debian will include out-of-the box support for IPv6 (see http://www.ipv6.org/). As such, you might like to start playing with this, and seeing what things break as we try to add support for IPv6. Template: netbase/spoofprot Type: note Description: Spoof protection for pre-2.2 kernels If you are running a pre-2.2 series kernel, IP spoof protection cannot be enabled without special configuration, found in /etc/network/spoof-protect and provided by answering the following questions. . For 2.2.x and later kernels, this information will be determined automatically at boot time, so you don't need to enter anything here unless you also use pre-2.2 kernels. Template: netbase/spoofprot/pre-2.2-ip Type: string Default: 127.0.0.1/8 Description: What IP addresses (or address ranges) should be considered local? IP addresses and ranges should be listed in any order, and separated by spaces. Addresses should be specified as a dotted quad, while ranges should be specified in CIDR-style. So the class C network 192.168.42.0-192.168.42.255 would be specified as 192.168.42.0/24. Template: netbase/spoofprot/pre-2.2-interfaces Type: string Default: eth0 eth1 ppp0 Description: What remote interfaces does this host have?