Re: Why not have firewall rules by default?
Michael Loftis wrote:
[snip]
It's better to leave the service disabled, or even better, completely
uninstalled from a security standpoint, and from a DoS standpoint as
well. The Linux kernel isn't very efficient at processing firewall
rules. Newer kernels might be though (I honestly haven't looked as
deeply into this in late 2.6 as I did/do in 2.4...2.4 processes
firewall rules strictly step by step)
The processing of Netfilter rules has not fundamentally changed from 2.4
to 2.6.
However, there is a way to load rules in a monolithic way, by using
iptables-restore, in place of calling "iptables" multiple times.
(IIRC, at some point in the past, debian used that to save rules at
system shutdown and reload them at boot, but I may be wrong).
Vincent
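The contrast Vincent draws (one iptables-restore transaction versus one "iptables" call per rule), shown as an added example that is not part of either message. The rules themselves are a constructed default-deny input policy for illustration; the script assumes a modern iptables whose iptables-restore accepts --test, and loading it requires root.

```shell
#!/bin/sh
# Added example: build a ruleset in iptables-save format and load it in one
# transaction with iptables-restore, instead of invoking iptables once per rule.
# Rule contents are constructed for illustration (filter table only).

make_ruleset() {
  # Emits the whole filter table on stdout. Default policies come first,
  # then the rules, then COMMIT, which is what makes iptables-restore apply
  # the table as a single unit.
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

write_ruleset() {
  # $1: path of the rules file to write.
  make_ruleset > "$1"
}

input_rule_count() {
  # $1: rules file. Returns the number of INPUT chain rules it declares.
  grep -c '^-A INPUT ' "$1"
}

load_ruleset() {
  # $1: rules file. Validates the syntax without touching the kernel
  # (--test, assumed available), then replaces the table atomically.
  # Requires root and a kernel with Netfilter.
  iptables-restore --test < "$1" && iptables-restore < "$1"
}

load_ruleset_stepwise() {
  # The approach the thread argues against: one iptables invocation per
  # rule. Every call reads the table, changes one entry and writes it
  # back, so the table passes through intermediate states (here, a DROP
  # policy with no accept rules yet) before the set is complete.
  iptables -P INPUT DROP
  iptables -P FORWARD DROP
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
  iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
}

# Usage (as root): write_ruleset /etc/iptables.rules && load_ruleset /etc/iptables.rules
```

Because iptables-restore reads the whole table before committing, a syntax error anywhere in the file leaves the running ruleset untouched, which is the other practical advantage over the step-by-step form.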