Re: Firewall/init scripts problem
On 16 Mar 2003 15:05:07 +0100
Aaron Isotton <email@example.com> wrote:
> My problem is: where should $STORAGE_FILE go?
I vote for a directory called /etc/iptables.
> - I'd like to bring up the firewall before the network interfaces;
> these are brought up in /etc/rcS.d/S39ifupdown; thus it should start
> before that.
If your firewall rules are include references to network interfaces, can
you start the firewall before the interfaces exist?
A paranoid secure way to do what I think you want is to start the
firewall with a few rules that block all network traffic, then start the
network, then replace the block-everything rules with the ones you
really want to use.