Re: Firewall/init scripts problem

To: debian-user@lists.debian.org
Subject: Re: Firewall/init scripts problem
From: ronin2@bellatlantic.net
Date: Sun, 16 Mar 2003 10:06:36 -0500
Message-id: <[🔎] 20030316100636.5666cc39.ronin2@bellatlantic.net>
In-reply-to: <[🔎] 1047823507.3589.12.camel@zarathustra.berg21.ch>
References: <[🔎] 1047823507.3589.12.camel@zarathustra.berg21.ch>

On 16 Mar 2003 15:05:07 +0100
Aaron Isotton <aaron@isotton.com> wrote:

> 
> My problem is:  where should $STORAGE_FILE go?

I vote for a directory called /etc/iptables.

> 
> - I'd like to bring up the firewall before the network interfaces;
> these are brought up in /etc/rcS.d/S39ifupdown; thus it should start
> before that.

If your firewall rules are include references to network interfaces, can
you start the firewall before the interfaces exist?

A paranoid secure way to do what I think you want is to start the
firewall with a few rules that block all network traffic, then start the
network, then replace the block-everything rules with the ones you
really want to use.

Kevin

Reply to:

Follow-Ups:
- Re: Firewall/init scripts problem
  - From: Aaron Isotton <aaron@isotton.com>

References:
- Firewall/init scripts problem
  - From: Aaron Isotton <aaron@isotton.com>

Prev by Date: Re: Firewall/init scripts problem
Next by Date: Error while trying to compile PPC-Kernel 2.4.21-pre5 on a Debian Apple PPC G4 dual-533
Previous by thread: Re: Firewall/init scripts problem
Next by thread: Re: Firewall/init scripts problem
Index(es):
- Date
- Thread