
Re: crack traces in /var ?



On Fri, Jul 25, 2003 at 07:49:13PM +0200, Andreas von Heydwolff wrote:

> What I wonder is whether it is potentially dangerous for me to have
> iptables starting quite slowly on my 133MHz firewall machine, it takes
> maybe 10 seconds to get all the modules loaded while ntp already picks
> up the time and a net connection has seemingly already been
> established.  I power down my system almost daily to reduce risks and
> keep my power bill lower, so there is a certain window almost daily at
> startup. My IP address is a de facto fixed one from the cable
> provider.

Why not put a basic firewall in place prior to the network startup?
With default policies set to DROP, and rules to allow only necessary
traffic in and out.  After the network connections are up, you can then
add any interface/ip specific rules that are necessary.  This can
either be tacked on to the existing minimal ruleset or you could flush
the rules (leaving policy at DROP) and build all new rules.

-- 
Jamin W. Collins

This is the typical unix way of doing things: you string together lots
of very specific tools to accomplish larger tasks. -- Vineet Kumar
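
The two-stage bring-up suggested in the reply above, as an added example that is not part of the original message. The interface name `eth0`, the choice of DNS and NTP as the "necessary" outbound traffic, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: two-stage iptables bring-up.
# IPT may be overridden (IPT="echo iptables") for a dry run that only prints.
IPT="${IPT:-iptables}"

# Stage 1: call from an init script ordered BEFORE networking starts.
# Uses no interface names or addresses, so nothing has to be up yet.
stage1_lockdown() {
    for chain in INPUT OUTPUT FORWARD; do
        $IPT -P "$chain" DROP || return 1   # policy first: no open window
    done
    $IPT -F || return 1                     # flush rules; policies stay DROP
    $IPT -A INPUT  -i lo -j ACCEPT || return 1
    $IPT -A OUTPUT -o lo -j ACCEPT || return 1
}

# Stage 2: call after the interface is up. Appends to the stage 1 rules;
# the DROP policies are never touched. $1 = external interface (assumed name).
stage2_rules() {
    ext_if="$1"
    [ -n "$ext_if" ] || { echo "usage: stage2_rules IFACE" >&2; return 2; }
    # Replies to connections this host started.
    $IPT -A INPUT -i "$ext_if" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT || return 1
    $IPT -A OUTPUT -o "$ext_if" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT || return 1
    # Assumed "necessary" outbound traffic: DNS and NTP only.
    for port in 53 123; do
        $IPT -A OUTPUT -o "$ext_if" -p udp --dport "$port" \
            -m conntrack --ctstate NEW -j ACCEPT || return 1
    done
}

# Check: succeed only if all three built-in chains have policy DROP.
# Parses "iptables -S" output, which lists policies as "-P CHAIN TARGET".
policies_are_drop() {
    rules=$($IPT -S) || return 1
    for chain in INPUT OUTPUT FORWARD; do
        printf '%s\n' "$rules" | grep -qx -- "-P $chain DROP" || return 1
    done
}

# Typical use (as root): stage1_lockdown && policies_are_drop  # before network
#                        stage2_rules eth0                      # after network
```

Running `policies_are_drop` between the two stages gives the boot sequence a hard failure point if the lockdown did not take effect before the interface is configured.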


