On Monday 07 January 2002 12:50 pm, Alan Chandler wrote:
> On Monday 07 January 2002 6:32 pm, Ron Johnson wrote:
> > As for the firewall script, I put it in /etc/init.d, and execute
> > it from /etc/init/networking, just after the "ifup -a".
> >
> > If you have a better place to put it, I'd love to hear it...
>
> As I said in an earlier post in this thread - you need the firewall
> there BEFORE networking (otherwise there is a small window for
> attackers to get in before your firewall is in place). As I also

Good thought. However, with a dhcp-assigned fully-routable IP
address, how can you create rules on it without 1st knowing the
address? So, mustn't you make it S38firewall?

Of course, if you have a dhcp-assigned address that never changes,
I guess you could fudge things.

> said if you look in /etc/rcS.d ifupdown is linked in as S39ifupdown
> (and didn't say networking is linked in as S40networking) - so I
> linked my firewall script as S38firewall. I kept it independent of
> networking as the debian style is to break things into individual
> files so that packages can be upgraded without breaking.

I wonder why you have S39ifupdown, but I have S40networking?

"S40networking start" basically only does "ifup -a". Likewise,
"stop" just does "ifdown -a".

--
+------------------------------------------------------------+
| Ron Johnson, Jr.        Home: [EMAIL PROTECTED]            |
| Jefferson, LA  USA      http://ronandheather.dhs.org:81    |
|                                                            |
! "Fair is where you take your cows to be judged."           !
!    Unknown                                                 !
+------------------------------------------------------------+
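A check for the boot ordering discussed in this thread, as an added example that is not part of either poster's message: it reports whether the firewall start link in an rcS.d-style directory sorts, and so runs, before the links that bring up the interfaces. The link names (S38firewall, S39ifupdown, S40networking) come from the thread; the function names and return codes are hypothetical.

```shell
#!/bin/sh
# Added example: verify that the firewall start link runs before the
# network start links in a SysV rcS.d-style directory.

# Print the basename of the first S?? start link for service $2 in dir $1.
first_link() {
    for f in "$1"/S[0-9][0-9]"$2"; do
        # An unmatched glob stays literal, so test that the entry exists.
        [ -e "$f" ] || [ -L "$f" ] || continue
        basename "$f"
        return 0
    done
    return 1
}

# firewall_before_network DIR [FIREWALL_NAME]
# Returns 0 if the firewall link runs before every network link present,
#         1 if a network link runs first,
#         2 if there is no firewall link at all.
firewall_before_network() {
    dir=$1
    fw_name=${2:-firewall}
    fw=$(first_link "$dir" "$fw_name") || {
        echo "no S??$fw_name link in $dir"
        return 2
    }
    status=0
    for svc in ifupdown networking; do
        net=$(first_link "$dir" "$svc") || continue
        # Start links are run in lexical order, so compare by sorting.
        first=$(printf '%s\n%s\n' "$fw" "$net" | LC_ALL=C sort | head -n 1)
        if [ "$first" = "$fw" ]; then
            echo "ok: $fw runs before $net"
        else
            echo "EXPOSED: $net runs before $fw"
            status=1
        fi
    done
    return $status
}
```

Source the file and run `firewall_before_network /etc/rcS.d`; pass a second argument if the firewall script is linked under a different name.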

