Re: not using debian as firewall!
On Wed, 14 Apr 1999, Daniel Martin wrote:
>Sven Rudolph <sr1@loom.sax.de> writes:
>
>> OTOH you aren't forced to disable the daemons. It might be sufficient
>> to shut down the relevant ports via IP packet filter ;-)
>
>Then you get into the issue of when those filters get invoked in the
>debian boot process; last I remember, Debian's boot order wasn't
>careful enough about not allowing times after interfaces were
>configured but before packet filtering was set up.
>
>That is, I think that currently there's a time during the boot
>sequence during which the interfaces are configured but no packet
>filters are yet in place. People who want to be really secure about
>their routers don't tend to like this.
You can do what I do. Make the second line of /etc/init.d/network be
"/etc/init.d/firewall" and then go on and initialise all the interfaces after
the firewall is in place.
Russell Coker
Reply to: