Re: OT: /etc/init.d/networking & firewall
[ Bernd Eckenfels writes ]
> On Wed, Aug 09, 2000 at 01:16:43AM +0200, Domenico Andreoli wrote:
> > i minded if any other method a little more upgrade-proof has already been
> > developed. this is again the same flame war of how to save admin's choices from
> > system upgrades. sometimes they came back. :)
> make your own ipfilter script or use fwctl.
Presumably, you mean "ipchains" script, since ipfilter doesn't run on linux,
last I heard.
There certainly isn't a Debian package for it.
What I can't understand is:
The "HOWTO" for ipchains gives a lovely example of a startup script.
It checks for the existence of /etc/ipchains.rules, and does things
So why isn't that script part of the Debian packaged version of
for the security-conscious, I suggest that it come with a default
protective entry, which should be generated by
ipchains -A input -p tcp -i eth0 -y -j DENY
This blocks all attempts to make a tcp connection TO the box from outside,
on the standard ethernet interface.
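
The startup logic discussed in this message, as an added example that is not part of the original post and is not the HOWTO's or Debian's script: load /etc/ipchains.rules when it is present, otherwise fall back to the default protective entry. Assumptions: the saved rules are loaded with ipchains-restore, the file is rejected when it is empty, a symlink, or writable by group or other, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example; not the HOWTO's or the Debian package's script.
RULES=${RULES:-/etc/ipchains.rules}                 # file named in the post
DEFAULT_RULE="-A input -p tcp -i eth0 -y -j DENY"   # default entry from the post

# Succeeds only for a non-empty regular file that is not a symlink and is not
# writable by group or other (assumed policy: root loads this file at boot).
rules_usable() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -s "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# Print the command "start" would run; nothing is executed here.
plan_start() {
    if rules_usable "$1"; then
        echo "ipchains-restore < $1"
    else
        echo "ipchains $DEFAULT_RULE"
    fi
}

fw_start() {
    if rules_usable "$RULES"; then
        # Admin-owned file, untouched by package upgrades.
        ipchains-restore < "$RULES"
    else
        echo "firewall: $RULES missing or unsafe, loading default entry" >&2
        # Unquoted on purpose: the rule must split into separate arguments.
        ipchains $DEFAULT_RULE
    fi
}

fw_stop() {
    # Flush all rules and set the built-in chains back to ACCEPT.
    ipchains -F
    for chain in input output forward; do ipchains -P "$chain" ACCEPT; done
}

# Dispatch only when called with an argument, so the file can also be sourced.
if [ $# -gt 0 ]; then
    case "$1" in
        start) fw_start ;;
        stop)  fw_stop ;;
        plan)  plan_start "$RULES" ;;
        *)     echo "Usage: $0 {start|stop|plan}" >&2; exit 1 ;;
    esac
fi
```

Running it with the "plan" argument prints the command that "start" would execute without touching the firewall.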