
Re: OT: /etc/init.d/networking & firewall



Bernd Eckenfels wrote:
> 
> On Tue, Aug 08, 2000 at 01:05:46PM +0200, Domenico Andreoli wrote:
> > i'm just wondering where to put my firewall rules in order to make them
> > run on boot. i was thinking to hack /etc/init.d/networking, it seems
> > the best place but i don't think that nobody already had this question.
> 
> Perhaps it would be the best to switch the ipchains to policy "default deny"
> at the start of networking and then set up the rules afterwards in your own
> script. fwctl is one of those options for setting up the rules.

This is a *bad* idea. It is better to simply add a rule at the
end of the chain: ipchains -A input -j DENY

It may look the same, but there is an important difference when
you run ipchains -F on a machine with no keyboard or screen...
-- 
Martijn van Oosterhout <kleptog@cupid.suninternet.com>
http://cupid.suninternet.com/~kleptog/
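
An added illustration, not part of the original message: a small Python model of one ipchains chain, comparing the two setups discussed above when `ipchains -F` is run. The `Chain` class, the port numbers and the single SSH accept rule are constructed for the example; the model relies on the fact that `-F` deletes rules but leaves the chain policy in place. With the trailing DENY rule the host stays reachable after a flush but is also unfiltered until the rules are reloaded.

```python
from dataclasses import dataclass, field

@dataclass
class Chain:
    """Constructed model of a single ipchains chain (e.g. 'input')."""
    policy: str = "ACCEPT"                      # kernel default policy
    rules: list = field(default_factory=list)   # (dport or None, target)

    def append(self, dport, target):   # ipchains -A input ... -j <target>
        self.rules.append((dport, target))

    def set_policy(self, target):      # ipchains -P input <target>
        self.policy = target

    def flush(self):                   # ipchains -F: drops rules, keeps policy
        self.rules.clear()

    def verdict(self, dport):
        # First matching rule wins; a dport of None matches every packet.
        for match, target in self.rules:
            if match is None or match == dport:
                return target
        return self.policy             # no rule matched: policy decides

def policy_deny():
    """Default-deny policy, then allow SSH (hypothetical rule set)."""
    c = Chain()
    c.set_policy("DENY")
    c.append(22, "ACCEPT")
    return c

def trailing_deny():
    """Policy left at ACCEPT, allow SSH, catch-all DENY as the last rule."""
    c = Chain()
    c.append(22, "ACCEPT")
    c.append(None, "DENY")             # ipchains -A input -j DENY
    return c

def compare(dports=(22, 80)):
    """Return {setup: (verdicts before flush, verdicts after flush)}."""
    result = {}
    for build in (policy_deny, trailing_deny):
        chain = build()
        before = {p: chain.verdict(p) for p in dports}
        chain.flush()
        after = {p: chain.verdict(p) for p in dports}
        result[build.__name__] = (before, after)
    return result

if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name}: before={before} after_flush={after}")
```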


