[CentOS] selinux stuff - I just don't get

Mon Nov 14 11:13:41 UTC 2005
Peter Farrow <peter at farrows.org>

That's because it's entirely possible to make a system secure without 
SELinux; it was only born in CentOS from Version 4.

While I would never recommend turning off a firewall, I would recommend 
turning off SELinux: a firewall doesn't stop stuff on the box working 
properly as it ships, SELinux does.

For example, anything that would stop squid running properly out of the 
box (as SELinux does) is of limited value; in this instance it's not 
required, it gets in the way. It IS easily possible to have a secure 
system without SELinux, whereas that is doubtful without a firewall.  
Chalk and cheese springs to mind.

If SELinux is the "baby" in your metaphor, then the best thing to do with 
it is hold it under the water until it stops moving....

For those of us who know how to configure secure systems (and I'm not 
suggesting you don't, Tony, by any stretch) SELinux is additional bloat I 
(we) don't really need.  It just slows the system down...

I've never needed it......

Pete





Tony wrote:

> On 11/14/05, Peter Farrow <peter at farrows.org> wrote:
>
>     /etc/selinux/config
>
>     Change this line:
>
>     SELINUX=enforcing
>
>     to this:
>
>     SELINUX=disabled
>
>
> It always amazes me how quick people are to suggest that you just 
> switch selinux off, without balancing the suggestion with an 
> explanation of what they are losing by doing this. Would you switch a 
> firewall off because it keeps filling your log files up with packet 
> info?  An English expression involving babies and bathwater springs to 
> mind ;-)
>
> -- 
> Cheers,
>
> Tony