Re: Please critique my iptables-based firewall

To: debian-firewall@lists.debian.org
Subject: Re: Please critique my iptables-based firewall
From: Rob Weir <rweir@softhome.net>
Date: Wed, 22 May 2002 21:13:29 +1000
Message-id: <[🔎] 20020522111329.GA31178@thebox>
Mail-followup-to: debian-firewall@lists.debian.org
In-reply-to: <[🔎] 000701c1fd21$2eb2c360$0200a8c0@ROPRIMARY>
References: <[🔎] 000701c1fd21$2eb2c360$0200a8c0@ROPRIMARY>

On Thu, May 16, 2002 at 05:32:29PM -0400, LunarFox wrote:
>echo 1 > /proc/sys/net/ipv4/ip_forward			# Enable masq below
I'm not an iptables expert, but I would suggest that  this should be
the very last thing in the script, after all the rules have been set
up.  Otherwise you've created a race condition that could
(conceivably) cause a lot of pain.

-rob

Attachment: firegate.quU9MV
Description: Binary data

Attachment: pgpzuc6Uw9MVX.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Please critique my iptables-based firewall
  - From: Alexander Clouter <alexander.clouter@ic.ac.uk>

References:
- Please critique my iptables-based firewall
  - From: LunarFox <lunar@comcast.net>

Prev by Date: Re: My first firewall
Next by Date: smurf attack
Previous by thread: Please critique my iptables-based firewall
Next by thread: Re: Please critique my iptables-based firewall
Index(es):
- Date
- Thread