Re: not using debian as firewall!

To: debian-devel@lists.debian.org
Subject: Re: not using debian as firewall!
From: Russell Coker <russell@coker.com.au>
Date: Thu, 22 Apr 1999 17:31:41 +0100
Message-id: <[🔎] 99042217325705.00412@lyta>
Reply-to: russell@coker.com.au
References: <87emln1g8h.fsf@cush.dyn.ml.org>

On Wed, 14 Apr 1999, Daniel Martin wrote:
>Sven Rudolph <sr1@loom.sax.de> writes:
>
>> OTOH you aren't forced to disable the daemons. It might be sufficient
>> to shut down the relevant ports via IP packet filter ;-)
>
>Then you get into the issue of when those filters get invoked in the
>debian boot process; last I remember, Debian's boot order wasn't
>careful enough about not allowing times after interfaces were
>configured but before packet filtering was set up.
>
>That is, I think that currently there's a time during the boot
>sequence during which the interfaces are configured but no packet
>filters are yet in place.  People who want to be really secure about 
>their routers don't tend to like this.

You can do what I do.  Make the second line of /etc/init.d/network be
"/etc/init.d/firewall" and then go on and initialise all the interfaces after
the firewall is in place.

Russell Coker

Reply to:

Prev by Date: Intent to package extipl
Next by Date: Re: not using debian as firewall!
Previous by thread: Intent to package extipl
Next by thread: Re: not using debian as firewall!
Index(es):
- Date
- Thread