Re: debian way to start firewall

To: "Tom Furie" <tom@lamont.dyndns.org>, debian-user@lists.debian.org
Subject: Re: debian way to start firewall
From: "Octavio Alvarez" <alvarezp@alvarezp.ods.org>
Date: Thu, 03 May 2007 21:26:29 -0700
Message-id: <[🔎] op.trsbyfmq4oyyg1@localhost.localdomain>
In-reply-to: <[🔎] 20070504003047.GA19563@lamont.dyndns.org>
References: <[🔎] 463870A5.7070903@stekloprom.ru> <[🔎] op.trpf6few4oyyg1@localhost.localdomain> <[🔎] 20070504003047.GA19563@lamont.dyndns.org>

On Thu, 03 May 2007 17:30:47 -0700, Tom Furie <tom@lamont.dyndns.org>wrote:

On Wed, May 02, 2007 at 08:04:53AM -0700, Octavio Alvarez wrote:

You might as well put some iptables-restore at the endo of the "up"
of each interface in /etc/network/interfaces. This lets you control
your firewall per interface and have only the needed rules alive.


Wouldn't you be better putting the iptables-restore stuff in the pre-up
line? That way the firewall rules are in place before the interface is
live.


I'm not sure, but I guess not. Consider a line like

-A INPUT -i eth0 -j ACCEPT

Will iptables accept the "-i eth0" before eth0 actually exists? I don't
remember.

Cheers.

--
Octavio.

Reply to:

References:
- debian way to start firewall
  - From: Vladi Lemurov <fix@stekloprom.ru>
- Re: debian way to start firewall
  - From: "Octavio Alvarez" <alvarezp@alvarezp.ods.org>
- Re: debian way to start firewall
  - From: Tom Furie <tom@lamont.dyndns.org>

Prev by Date: Re: Please help - printing gone after upgrade to Etch
Next by Date: Re: same problem
Previous by thread: Re: debian way to start firewall
Next by thread: RE: debian way to start firewall
Index(es):
- Date
- Thread