Re: Please critique my iptables-based firewall

To: debian-firewall@lists.debian.org
Subject: Re: Please critique my iptables-based firewall
From: Alexander Clouter <alexander.clouter@ic.ac.uk>
Date: Fri, 24 May 2002 20:32:15 +0100
Message-id: <[🔎] 20020524193215.GB695@digriz>
Mail-followup-to: debian-firewall@lists.debian.org
In-reply-to: <[🔎] 20020522111329.GA31178@thebox>
References: <[🔎] 000701c1fd21$2eb2c360$0200a8c0@ROPRIMARY> <[🔎] 20020522111329.GA31178@thebox>

On May 22, Rob Weir wrote:
>
> I'm not an iptables expert, but I would suggest that  this should be
> the very last thing in the script, after all the rules have been set
> up.  Otherwise you've created a race condition that could
> (conceivably) cause a lot of pain.
> 
no no no.  All it does is set a runtime variable in the kernel to permit it
to forward TCP packets if need be.  You could say that it is nothing to do
with iptables.

Alex

-- 
 ___________________________________ 
/ Laugh, and the world ignores you. \
\ Crying doesn't help either.       /
 ----------------------------------- 
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

Attachment: pgpxa0IN9Lhkh.pgp
Description: PGP signature

Reply to:

References:
- Please critique my iptables-based firewall
  - From: LunarFox <lunar@comcast.net>
- Re: Please critique my iptables-based firewall
  - From: Rob Weir <rweir@softhome.net>

Prev by Date: Re: where is tcp_syncookies
Next by Date: unsubscribe
Previous by thread: Re: Please critique my iptables-based firewall
Next by thread: Regardez la télé avec votre chat ! Gagnez un home cinéma sur www.whiskas.fr
Index(es):
- Date
- Thread