[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: init.d startup sequence for shorewall



On Tue, Dec 10, 2002 at 03:39:35PM -0800, Yogesh Sharma wrote:
> 
> In my opinion shorewall must be started as soon as network is up.
> 
> What does list sugguests ? Is this a security problem ?

Yes this is a security issue, if you take iptables, for example, it is run
in S10. Any firewalling script should run before (or at the same time) as
the network is brought up. 

Otherwise, you have a few moments in which you are forwarding packets (if
the networking script enables it) and you are not filtering them (unless
you have a default DROP policy before configuring the firewall)

Regards

	Javi


Attachment: pgpL4hknTx2mY.pgp
Description: PGP signature


Reply to: