[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: routing help on dual homed box

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 07 January 2002 6:32 pm, Ron Johnson wrote:

> As for the firewall script, I put it in /etc/init.d, and execute
> it from /etc/init/networking, just after the "ifup -a".
>
> If you have a better place to put it, I'd love to hear it...
>

As I said in an earlier post in this thread - you need the firewall there 
BEFORE networking (otherwise there is a small window for attackers to get in 
before your firewall is in place).  As I also said if you look in /etc/rcS.d 
ifupdown is linked in as S39ifupdown (and didn't say networking is linked in 
as S40networking) - so I linked my firewall script as S38firewall.  I kept it 
independent of networking as the debian style is to break things into 
individual files so that packages can be upgrading without breaking.

> On Monday 07 January 2002 11:57 am, Alan Chandler wrote:
> > On Monday 07 January 2002 2:57 pm, Serge Rey wrote:

I think you got the last reply out of step by one - you attributed the 
problems to me - I didn't have them.
- -- 

  Alan - alan@chandlerfamily.org.uk
http://www.chandlerfamily.org.uk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8Oe3o1mf3M5ZDr2kRAuGBAJ0R4nQ8wrTK/hvMN2swd7YmnmA7pQCeMkuF
qQufBQwvp2YoKVdiWAmYzgw=
=3peV
-----END PGP SIGNATURE-----
Reply to: