
Re: RFC: new network config (was: Re: network configuration)



On Fri, Feb 05, 1999 at 07:19:08PM +1100, Craig Sanders wrote:
> On Thu, Feb 04, 1999 at 11:26:45PM +0000, Christian Hammers wrote:
> > Oh, 2nd thing. As someone suggested: the IP spoofing part gets out of
> > netbase. I think it should be in routes.
> 
> i suggested that ages ago.  Peter Tobias didn't seem to think it was a
> good idea.
> 
> i think it should be in /etc/init.d/spoof-protect or
> /etc/init.d/firewall or similar.
> 
> reason being is that it should be possible to stop or restart
> spoof-protection without resetting all your routes - e.g. you might have
> just flushed all your ipchains/ipfwadm rules in order to recreate them
> from scratch.

Another important reason is that netbase doesn't start in all runlevels.  So
if you start in single user mode, you have the network, but no spoof
protection.  That's not too dangerous since you don't have any services
running either, but it's a silly risk.

Anyone who looks into reorganizing the network config should take a look at
what runlevels things are at (rcS versus rc[12345]).  If network interfaces
are configured at boot (in rcS), spoof protection, dhcp, bootp, routed, etc
should probably all be in rcS as well.

Andrew

-- 
"It's like a love-hate relationship, without the love"
- Jamie Zawinski, consummate UNIX hater, on Linux
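
The runlevel check suggested in the message above, as an added example that is not part of the original post: it lists the runlevels in which the network start script has run but the spoof-protection script has not. The script name `network`, the `S40`/`S10` priorities and the sample tree are constructed assumptions; `spoof-protect` is the name proposed in the quoted text.

```shell
#!/bin/sh
# Added example: find runlevels where the network is up without spoof
# protection. Only the presence of start links is checked, not ordering.

# has_start_link DIR NAME -> success if DIR holds an S<NN>NAME start link
has_start_link() {
    for link in "$1"/S[0-9][0-9]"$2"; do
        if [ -e "$link" ] || [ -L "$link" ]; then return 0; fi
    done
    return 1
}

# unprotected_levels ETC_DIR NET_SCRIPT PROTECT_SCRIPT
# Prints the runlevels (S, 1..5) in which NET_SCRIPT has been started but
# PROTECT_SCRIPT has not. rcS.d runs at boot before any numbered runlevel,
# so a start link there counts for every level.
unprotected_levels() {
    etc=$1 net=$2 prot=$3 out=""
    net_s=no; prot_s=no
    if has_start_link "$etc/rcS.d" "$net"; then net_s=yes; fi
    if has_start_link "$etc/rcS.d" "$prot"; then prot_s=yes; fi
    if [ "$net_s" = yes ] && [ "$prot_s" = no ]; then out="S"; fi
    for lvl in 1 2 3 4 5; do
        net_up=$net_s; prot_up=$prot_s
        if has_start_link "$etc/rc$lvl.d" "$net"; then net_up=yes; fi
        if has_start_link "$etc/rc$lvl.d" "$prot"; then prot_up=yes; fi
        if [ "$net_up" = yes ] && [ "$prot_up" = no ]; then
            out="$out${out:+ }$lvl"
        fi
    done
    printf '%s\n' "$out"
}

# Constructed layout mirroring the message: interfaces configured in rcS,
# spoof protection started only from the multi-user runlevels.
make_sample_tree() {
    root=$(mktemp -d)
    for d in S 1 2 3 4 5; do mkdir -p "$root/rc$d.d"; done
    : > "$root/rcS.d/S40network"            # assumed script name
    for d in 2 3 4 5; do : > "$root/rc$d.d/S10spoof-protect"; done
    printf '%s\n' "$root"
}

tree=$(make_sample_tree)
unprotected_levels "$tree" network spoof-protect   # prints: S 1
rm -rf "$tree"
```

On a real system the first argument would be `/etc` and the two names would be whatever scripts bring up the interfaces and enable spoof protection there.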

