
Re: Dynamic IP Address



On Mon, Mar 26, 2001 at 11:20:38PM +1000, Mark Devin wrote:
> Michael Boyd wrote:
> 
[snip]
> Make sure that the first part of your firewall script includes
> lines like:
> iptables -F
> iptables -X
> so that the rules set up by the initial firewall are deleted
> when the real firewall is installed.
[snip]

I would suggest something along these lines:
1.)  Set policy for input/output/forward chains to DENY
2.)  Flush all rules and delete all user defined chains (-F and
	-X)
3.)  Set up rules you want.
4.)  Change policy of chains to something else if you don't want
	them to be DENY (although that is usually best.)

Then you won't have any time window where your policy is ACCEPT,
you've just flushed all rules and are about to add new ones.

-- 
Michael Wood        | Tel: +27 21 762 0276 | http://www.kingsley.co.za/
wood@kingsley.co.za | Fax: +27 21 761 9930 | Kingsley Technologies
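
The four-step ordering from the message above as a shell script, added here as an example and not part of the original message. It spells the policy DROP, which is the iptables name for what ipchains called DENY; the sample rule set, the `IPT` dry-run variable and the `has_accept_window` check are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Dry run by default: commands are printed, not executed.
# Run as root with IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"

# Constructed sample rule set: loopback plus replies to outbound traffic.
add_rules() {
    $IPT -A INPUT -i lo -j ACCEPT &&
    $IPT -A OUTPUT -o lo -j ACCEPT &&
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT &&
    $IPT -A OUTPUT -m state --state NEW,ESTABLISHED -j ACCEPT
}

load_firewall() {
    # Step 1: default-drop on every built-in chain before touching the rules.
    for chain in INPUT OUTPUT FORWARD; do
        $IPT -P "$chain" DROP || return 1
    done
    # Step 2: flush all rules and delete user-defined chains.
    $IPT -F || return 1
    $IPT -X || return 1
    # Step 3: install the wanted rules.
    add_rules || return 1
    # Step 4: policies are left at DROP.
}

# Reads iptables command lines on stdin. Exit status 0 means a flush (-F)
# appears before INPUT, OUTPUT and FORWARD were all set to policy DROP,
# i.e. the script has a window with no rules and a possibly ACCEPT policy.
has_accept_window() {
    dropped=""
    while read -r cmd opt chain target; do
        case "$opt" in
            -P) if [ "$target" = DROP ]; then dropped="$dropped $chain "; fi ;;
            -F) for c in INPUT OUTPUT FORWARD; do
                    case "$dropped" in *" $c "*) ;; *) return 0 ;; esac
                done
                return 1 ;;
        esac
    done
    return 1
}

load_firewall
```

Piping the dry-run output of any reload script into `has_accept_window` shows whether its flush comes too early; the check only looks at the first `-F` and assumes one command per line.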


