Re: Firewalling

To: debian-security@lists.debian.org
Subject: Re: Firewalling
From: Giacomo Mulas <gmulas@ca.astro.it>
Date: Tue, 13 Mar 2001 11:31:28 +0100 (CET)
Message-id: <[🔎] Pine.LNX.4.21.0103131115230.4389-100000@capitanata.ca.astro.it>
In-reply-to: <[🔎] 20010313210744.B757@aussiegeek.net>

On Tue, 13 Mar 2001, Alan Harper wrote:

> On Tue, Mar 13, 2001 at 11:01:58AM +0100, Victor Foitzik wrote:
> > At 08:15 13.03.2001, Craig wrote:
> > 
> > >Have created a file which contains all my ipchains rules and I would like
> > >it to start when the machine loads. Not sure where the best place is for 
> > >this. I used to use rc.local on RH but was told that this is a bush job and 
> > >very sloppy as for debian, well used to use the network file on slink.
> > 
> > Just another hint, make sure your script is started _before_ network 
> > interfaces are brought up. Otherwise your firewall will be completely _open_ 
> > (for just a short period of time, but it will be). A useful place where to 
> > put a link to your script is rcS.d, just before networking is launched.
> > 
> My illegal way of doing this is running my firewell script in /etc/rcS.d

If you _really_ want to be pesky about it, you may want to put a line such
as

pre-up /etc/init.d/yourfirewallscript start

in the /etc/network/interfaces file, in the description of all the
affected network interfaces. Or you may put a soft link to
/etc/init.d/yourfirewallscript in the /etc/network/if-pre-up.d directory.
This may give you a lot of flexibility, you may initialise different
firewalling rules for different interfaces, before they are brought up
and/or down. But in most situations, where such finely grained
flexibility is not needed, a simple, perhaps inelegant but very
effective link in rcS.d will do the trick. I confess I did it this way in
my laptop actually... :)

Bye
Giacomo

_________________________________________________________________

Giacomo Mulas <gmulas@ca.astro.it, giacomo.mulas@tin.it>
_________________________________________________________________

OSSERVATORIO  ASTRONOMICO
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)

Tel.: +39 070 71180 216     Fax : +39 070 71180 222
_________________________________________________________________

"When the storms are raging around you, stay right where you are"
                         (Freddy Mercury)
_________________________________________________________________

Reply to:

References:
- Re: Firewalling
  - From: Alan Harper <Alan.Harper@lwd.net.au>

Prev by Date: Re: Firewalling
Next by Date: Re: 127.0.0.0/8 addresses from the network
Previous by thread: Re: Firewalling
Next by thread: Allow FTP in, but not shell login
Index(es):
- Date
- Thread