Re: OT: /etc/init.d/networking & firewall

To: lists@lina.inka.de (Bernd Eckenfels)
Cc: debian-devel@lists.debian.org
Subject: Re: OT: /etc/init.d/networking & firewall
From: phil@bolthole.com (Philip Brown)
Date: Tue, 8 Aug 2000 20:35:35 -0700 (PDT)
Message-id: <[🔎] 200008090335.UAA29727@shell3.ba.best.com>
Reply-to: phil@bolthole.com
In-reply-to: <[🔎] 20000809032410.A13989@lina.inka.de> from Bernd Eckenfels at "Aug 9, 0 03:24:10 am"

[ Bernd Eckenfels writes ]
> On Wed, Aug 09, 2000 at 01:16:43AM +0200, Domenico Andreoli wrote:
> > i minded if any other method a little more upgrade-proof has already been
> > developed. this is again the same flame war of how to save admin's choises from
> > system upgrades. sometimes they came back. :)
> 
> make your own ipfilter script or use fwctl.

Presumably, you mean "ipchains" script, since ipfilter doesnt run on linux,
last I heard.
There certainly isn't a debian package for it.

What I can't understand is:

The "HOWTO" for ipchains gives a lovely example of a startup script.
It checks for the existence of /etc/ipchains.rules, and does things
appropriately.

So why isn't that script part of the debian packaged version of
ipchains?!!!

PS: 
for the security-concious, I suggest that it come with a default
protective entry, which should be generated by

ipchains -A input -p tcp -i eth0 -y -j DENY
ipchains-save >/etc/ipchains.rules

This blocks all attempts to make a tcp connection TO the box from outside,
on the standard ethernet interface.

Reply to:

Follow-Ups:
- Re: OT: /etc/init.d/networking & firewall
  - From: Lee Maguire <lee-debian@hexkey.co.uk>

References:
- Re: OT: /etc/init.d/networking & firewall
  - From: Bernd Eckenfels <lists@lina.inka.de>

Prev by Date: Re: Bug#68661: Should not remove pager's alternative on upgrade
Next by Date: BTS really broken
Previous by thread: Re: OT: /etc/init.d/networking & firewall
Next by thread: Re: OT: /etc/init.d/networking & firewall
Index(es):
- Date
- Thread