On Sat, 14 Dec 2002, bong sabolboro wrote:
> I am currently implementing a firewall using a
> notebook and Debian Woody. What is the best place to
> put the firewall rules that I want implemented for my
> local setup?
There are a few possible alternatives. The main point is that you want
your firewalling rules to be in place before your interfaces come up. This
constraint means that you can either:
1) create an init script and an S* link to it in /etc/rcS.d, with a number
smaller than the ones that initialise your networking. Simple, effective,
possibly not the most flexible solution, but it works (that's what I did
on my laptop), a couple of years ago.
2) create init scripts and place then in /etc/network/if-pre-up.d and
friends: in this way you can have a more finely grained control and still
have all the security. This is also a solution closer to the "debian" way
of doing things. It requires a little bit more work, but this is probably
what I would do now if I were to redo my firewalling setup from scratch on
my laptop. Check the documentation for the ifupdown package to see how to
get this right.
Since you are using a laptop, there are also more possibilities, which
depend on what you will be using to handle networking: you may want to
call scripts from pcmcia-cs initialisation scripts, if you are using a
pcmcia network adapter, or you may want to use laptop-net, which uses its
own set of scripts to set up networking in different environments... and
much more. However, these latter solutions will depend on a specific
hardware setup and on specific software packages. As I said before, I
would go for 2) above, but it's your choice really, and that's what
open-source is all about: there is more than one "right" way to do things
and you get to choose what you prefer.
Hope this helps, bye
Giacomo
--
_________________________________________________________________
Giacomo Mulas <[EMAIL PROTECTED]>
_________________________________________________________________
OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)
Tel. (OAC): +39 070 71180 248 Fax : +39 070 71180 222
Tel. (UNICA): +39 070 675 4916
_________________________________________________________________
"When the storms are raging around you, stay right where you are"
(Freddy Mercury)
_________________________________________________________________
