
Re: iptables - computer hangs



On Mon, Apr 20, 2009 at 12:17 PM, Sthu Deus <sthu.deus@gmail.com> wrote:
> Thank You for Your time and answer, Javier:
>
>> Did you try to use your iptable script in post-up / pre-down hooks at
>> /etc/network/interfaces ? I think it is the best solution for that
>
> But I have to disagree w/ You - for once the network environment
> changes that is, say the machine will be out of a net, then the file
> running will cease on the interface initialization (or whatever) that
> will end up with not started firewall at all - that can be dangerous in
> cases of:
>
> a) there are rules for internal programs communications (that is within
> the machine);
>
> b) if a modem connection will be established - the machine will be just
> uncovered for the net (?Internet).

OK, it was only my suggestion; I don't have a strong opinion about it
(thanks for your time and opinion too).
>
> Personally, I advise the topic author to make a script, make it
> running from some /etc/rcN.d, having small number after S. - Then the
> firewall will be launched independently on what the current network
> environment is. Disadvantage is there is a time between actual
> interface initialization moment and the moment the iptables rules are
> applied.
>
I don't like to add a local init script to a Debian system. Perhaps
it is better to add the iptables rules to /etc/rc.local.

Regards,
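
An added example, not written by either poster: a script that loads a default-deny ruleset without depending on any interface coming up, which is the property the thread is arguing about. It keeps loopback open for traffic between local programs and matches no specific external interface, so a later modem link is covered too. The function names and the ruleset contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny firewall that can be
# loaded early at boot, whatever the state of the network interfaces.

# Print a ruleset in iptables-restore format. Rules match only on the
# loopback interface and on connection state, so they also apply to an
# interface that appears later (for example a modem link).
emit_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Sanity-check a ruleset read from stdin before loading it: INPUT must
# default to DROP and the last line must be COMMIT.
check_ruleset() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP ' || return 1
    [ "$(printf '%s\n' "$rules" | tail -n 1)" = "COMMIT" ] || return 1
    return 0
}

# Load the whole filter table in one iptables-restore call; needs root.
apply_ruleset() {
    emit_ruleset | check_ruleset || { echo "ruleset check failed" >&2; return 1; }
    emit_ruleset | iptables-restore
}

# Only touch the running firewall when explicitly asked to.
if [ "${1:-}" = "apply" ]; then
    apply_ruleset
fi
```

Run with the `apply` argument from whichever boot-time location is preferred (an early `/etc/rcN.d` link or `/etc/rc.local`, as discussed above); without arguments it changes nothing.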

