[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: not using debian as firewall!

On Wed, 14 Apr 1999, Daniel Martin wrote:
>Sven Rudolph <sr1@loom.sax.de> writes:
>> OTOH you aren't forced to disable the daemons. It might be sufficient
>> to shut down the relevant ports via IP packet filter ;-)
>Then you get into the issue of when those filters get invoked in the
>debian boot process; last I remember, Debian's boot order wasn't
>careful enough about not allowing times after interfaces were
>configured but before packet filtering was set up.
>That is, I think that currently there's a time during the boot
>sequence during which the interfaces are configured but no packet
>filters are yet in place.  People who want to be really secure about 
>their routers don't tend to like this.

You can do what I do.  Make the second line of /etc/init.d/network be
"/etc/init.d/firewall" and then go on and initialise all the interfaces after
the firewall is in place.

Russell Coker

Reply to: