On Tue, Aug 08, 2000 at 11:53:16AM -0700, Wichert Akkerman wrote: > Previously Bernd Eckenfels wrote: > > Perhaps it would be the best to switch the ipchains to policy "default deny" > > at the start of networking and then set up the rules afterwards in your own > > script. fwctl is one of those options for setting up the rules. > > You can setup all the rules before bringing the network online, I do > that on all my machines. > and of course you have to cut&paste on every /etc/init.d/networking update. i minded if any other method a little more upgrade-proof has already been developed. this is again the same flame war of how to save admin's choises from system upgrades. sometimes they came back. :) i know that kernel 2.4.x is going to subvert this field again so i'm not surprised at all not seeing (but i'm pretty blind from this point of view) anybody doing projects. i was just wondering... -----[ Domenico Andreoli, aka cavok --[ get my public pgp key at http://www.freeweb.org/free/cavok/ -[ unix is user friendly. it's just selective about who its friends are...
Attachment:
pgptcZSsZie3u.pgp
Description: PGP signature