Re: not using debian as firewall!

To: debian-devel@lists.debian.org
Subject: Re: not using debian as firewall!
From: Daniel Martin <Daniel.Martin@jhu.edu>
Date: Wed, 14 Apr 1999 09:30:54 -0400
Message-id: <[🔎] 87emln1g8h.fsf@cush.dyn.ml.org>
In-reply-to: Sven Rudolph's message of "Tue, 13 Apr 1999 19:59:50 +0200"
References: <[🔎] Pine.LNX.3.96.990413024438.7176B-100000@xanadu.pet.cam.ac.uk> <[🔎] Pine.LNX.3.96.990412202900.5212B-100000@gateway.targonia.com> <[🔎] 19990413194040.A7365@rising.com.au> <[🔎] 87iub0pfjd.fsf@loom.sax.de>

Sven Rudolph <sr1@loom.sax.de> writes:

> OTOH you aren't forced to disable the daemons. It might be sufficient
> to shut down the relevant ports via IP packet filter ;-)

Then you get into the issue of when those filters get invoked in the
debian boot process; last I remember, Debian's boot order wasn't
careful enough about not allowing times after interfaces were
configured but before packet filtering was set up.

That is, I think that currently there's a time during the boot
sequence during which the interfaces are configured but no packet
filters are yet in place.  People who want to be really secure about 
their routers don't tend to like this.

Reply to:

References:
- Re: not using debian as firewall!
  - From: Matt Kern <mwk20@cam.ac.uk>
- Re: not using debian as firewall!
  - From: David Bristel <targon@targonia.com>
- Re: not using debian as firewall!
  - From: Hamish Moffatt <hamish@debian.org>
- Re: not using debian as firewall!
  - From: Sven Rudolph <sr1@loom.sax.de>

Prev by Date: Re: Are /cdrom and /floppy really forbidden by policy?
Next by Date: calling console apt developers
Previous by thread: Re: not using debian as firewall!
Next by thread: Re: not using debian as firewall!
Index(es):
- Date
- Thread