
Re: some reality about iptables, please



On Wed, 2003-08-27 at 00:19, Bret Comstock Waldow wrote:
> On Tue, 2003-08-26 at 23:14, Kevin Mark wrote:
> 
> > you can read /etc/init.d/iptables comments for info.
> 
> Hmmm.  On reading, I notice a function named "initd_clear" called by an
> argument of "clear".  Running this leaves the system open - all targets
> are "ACCEPT".
> 
> The README in /etc/init.d points at the Debian Policy manual, and this
> mentions several standard arguments for init.d scripts - "clear" isn't
> one of them.
> 
> How would I find out what (if anything) calls with this argument?  If
> some automated process is going to call this, it will leave my system
> with an open firewall, and I need to know to plan around it.
<snip>
The script cannot be accessed by anyone. It can only be called inside
the script, which can only be run by a root user. So it doesn't seem to be
a security concern (but I'm not a security expert -- will the local guru
comment?)
-k
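
Added example, not part of either poster's message: a shell check for the two questions raised in the thread, namely which files invoke the init script with "clear", and whether the filter table is currently in the all-ACCEPT state. The function names `find_clear_callers` and `firewall_is_open`, the directories to search, and the sample `iptables-save` text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Directory choices are assumptions.

# Print file:line:text for every non-comment line under the given paths that
# runs the iptables init script with the "clear" argument.
find_clear_callers() {
    grep -rHnE '(/etc/init\.d/iptables|invoke-rc\.d[[:space:]]+iptables)[[:space:]]+clear([[:space:];&|]|$)' "$@" 2>/dev/null |
        grep -vE '^[^:]*:[0-9]+:[[:space:]]*#'
}

# Read iptables-save output on stdin. Succeed (exit 0) only when the filter
# table is in the state the thread describes after "clear": every built-in
# chain has policy ACCEPT and no rules are loaded.
firewall_is_open() {
    awk '
        /^\*/ { table = substr($1, 2) }
        table != "filter" { next }
        /^:/  { chains++; if ($2 != "ACCEPT" && $2 != "-") closed = 1 }
        /^-A/ { rules++ }
        END   { exit !(chains > 0 && !closed && rules == 0) }
    '
}

# Constructed sample: what iptables-save prints for a cleared filter table.
SAMPLE_CLEARED='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

if printf '%s\n' "$SAMPLE_CLEARED" | firewall_is_open; then
    echo "sample: filter table is wide open"
fi
# On a live system (as root):
#   find_clear_callers /etc/cron* /etc/network /etc/ppp /etc/init.d
#   iptables-save | firewall_is_open && echo "WARNING: firewall is open"
```

An ACCEPT policy with rules loaded is reported as not open, so a result of "not open" still needs the rules themselves reviewed.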


