
Re: routing help on dual homed box



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 07 January 2002 12:50 pm, Alan Chandler wrote:
> On Monday 07 January 2002 6:32 pm, Ron Johnson wrote:
> > As for the firewall script, I put it in /etc/init.d, and execute
> > it from /etc/init/networking, just after the "ifup -a".
> >
> > If you have a better place to put it, I'd love to hear it...
>
> As I said in an earlier post in this thread - you need the firewall
> there BEFORE networking (otherwise there is a small window for
> attackers to get in before your firewall is in place).  As I also

Good thought.

However, with a DHCP-assigned fully-routable IP address, how
can you create rules on it without first knowing the address?
So, mustn't you make it S38firewall?

Of course, if you have a DHCP-assigned address that never
changes, I guess you could fudge things.

> said if you look in /etc/rcS.d ifupdown is linked in as S39ifupdown
> (and didn't say networking is linked in as S40networking) - so I
> linked my firewall script as S38firewall.  I kept it independent of
> networking as the Debian style is to break things into individual
> files so that packages can be upgraded without breaking.

I wonder why you have S39ifupdown, but I have S40networking?
"S40networking start" basically only does "ifup -a".  Likewise,
"stop" just does "ifdown -a".
- -- 
+------------------------------------------------------------+
| Ron Johnson, Jr.        Home: ron.l.johnson@home.com       |
| Jefferson, LA  USA      http://ronandheather.dhs.org:81    |
|                                                            |
! "Fair is where you take your cows to be judged."           !
!    Unknown                                                 !
+------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8OfUQjTz5dS9Us5wRAkWQAJ9k8esU8xZs2CvO17jWcTeqEBe9DACdGnNb
tnCwbTOB6j9Es92JtxYwMPM=
=nmwR
-----END PGP SIGNATURE-----
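
Added example, not part of the original message or thread: a sketch of an early-boot firewall script that matches on interface name and connection state instead of the address, so it can load before DHCP has assigned one, plus a check that the firewall link sorts ahead of S39ifupdown/S40networking. It assumes iptables (the thread does not name the firewall tool) and an external interface called eth0; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: address-independent firewall for an early-boot link
# such as S38firewall. EXT_IF (default eth0) is an assumed interface name.
EXT_IF="${EXT_IF:-eth0}"

# Print an iptables-restore ruleset that never mentions an IP address.
# Rules match on interface name and connection state only, so they can be
# loaded before the interface is up or has a DHCP lease.
emit_rules() {
    ext_if="$1"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $ext_if -p udp --sport 67 --dport 68 -j ACCEPT
COMMIT
EOF
}

# Return 0 only if a firewall link exists and sorts before every network
# bring-up link in an rcS.d-style directory (S* links run in lexical order).
firewall_runs_first() {
    dir="$1"
    fw=""
    for link in "$dir"/S[0-9][0-9]*; do
        name=${link##*/}
        case "$name" in
            S??firewall) fw="$name" ;;
            S??ifupdown|S??networking)
                # A network link reached with no firewall link yet: exposed window.
                [ -n "$fw" ] || return 1 ;;
        esac
    done
    [ -n "$fw" ]
}

case "${1:-}" in
    start)
        firewall_runs_first /etc/rcS.d ||
            echo "warning: firewall link does not precede networking" >&2
        emit_rules "$EXT_IF" | iptables-restore ;;
    show)
        emit_rules "$EXT_IF" ;;
esac
```

Run it with `show` to inspect the ruleset without touching the kernel tables; `start` needs root and the iptables tools installed.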


