Re: Proper place for IPCHAINS rules

[Bryan Scaringe <Bryan.Scaringe@computer.org>]

thanks too all who replied.  I think that for now, I will do something
like what is suggested below, except to run it AFTER the networking
is up, since the scripts depend on me knowing my IP Address, which
I get through DHCP (so networking has to be up).  Shouldn't leave me
volnerable for more than a few msec.

Bryan

On 16-Nov-99 Onno wrote:
> BEWARE:
> 
> Follow the instructions in IPCHAINS HOWTO... BUT the HOWTO contains
> SEVERE flaws!!!
> 
> Create a script to setup ipchains and run it early in the bootup procedure.
> I have a script called 'ipchains' in /etc/init.d and made a symbolic link
> called 'S39ipchains' to '/etc/init.d/ipchains' in the
> '/etc/rcS.d' directory. This way the script will be run before S40network
> (sets the ethernet interfaces). It's better not to make a link in rc6.d
> for shutdown... let the firewall die with the kernel ;-)
> 
> PS: the script in IPCHAINS HOWTO is flawed too...
> 
> Regards,
> 
> Onno
> 
> 
> At 09:54 PM 11/15/99 -0500, Bryan Scaringe wrote:
>>I would like to setup IPChains on my machine.  I can't seem to find
>>any file under /etc/init.d/ for ipchains (networking only handles
>>spoof protection).  Where do you folks start your ipchains or ipfwadm
>>rules?
>>
>>Thanks,
>>         Bryan
>>
>>
>>--
>>Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < 
>>/dev/null
> 
> 
> -- 
> Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org <
> /dev/null