Gentoo Archives: gentoo-security

From: Oliver Schad <o.schad@×××.de>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] iptables window of opportunity at startup
Date: Sat, 04 Feb 2006 17:30:03
Message-Id: 200602041822.40190.o.schad@web.de
In Reply to: [gentoo-security] iptables window of opportunity at startup by Jon Mitchell
On Saturday, 4 February 2006 13:50, Jon Mitchell wrote to me:
> The current behaviour of a default Gentoo install is to load iptables
> after the network has been initialised. Upon shutting down likewise
> iptables is shutdown then the network interface. This strikes me as
> presenting a window of opportunity when the computer is exposed
> without iptables, albeit a small one.
>
> Do people on this list think there is any value in re-arranging this
> order by default?

No, this doesn't offer a hole when no service is running and routing is deactivated. So all services have to be started after the iptables rules. Same for routing. Iptables doesn't have to protect the TCP/IP stack but a network behind the host or services on that host.

Best regards
Oli
--
gentoo-security@g.o mailing list
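The two conditions named in the reply above (no service listening, routing deactivated) can be checked before the firewall rules are loaded. The following is an added example, not part of the original message: the function names and the sample table are constructed for illustration, and it assumes a little-endian Linux host and covers IPv4 TCP only.

```shell
#!/bin/sh
# Added example: would this host be reachable while no iptables rules are loaded?
# Reads a table in /proc/net/tcp format on stdin. Column 2 is the local
# address as HEXIP:HEXPORT (IP bytes reversed on little-endian hosts),
# column 4 is the socket state; 0A means LISTEN.

# Print every listener that is not bound to 127.0.0.0/8 as dotted-ip:port.
exposed_listeners() {
    awk '
    function hex(s,   i, n) {
        n = 0
        for (i = 1; i <= length(s); i++)
            n = n * 16 + index("0123456789ABCDEF", substr(s, i, 1)) - 1
        return n
    }
    NR > 1 && $4 == "0A" {
        split($2, a, ":")
        first = hex(substr(a[1], 7, 2))          # first octet of the address
        if (first != 127)
            print first "." hex(substr(a[1], 5, 2)) "." hex(substr(a[1], 3, 2)) \
                  "." hex(substr(a[1], 1, 2)) ":" hex(a[2])
    }'
}

# Exit status 0 only if nothing listens off-loopback AND forwarding is off.
# $1 = contents of /proc/sys/net/ipv4/ip_forward, stdin = tcp table.
window_is_safe() {
    [ -z "$(exposed_listeners)" ] && [ "$1" = "0" ]
}

# Constructed sample (not captured from a real host): sshd on 0.0.0.0:22,
# a resolver on 127.0.0.1:53 and one established connection.
sample_table() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0A00000A:0016 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1003
EOF
}

# On a real host:
#   window_is_safe "$(cat /proc/sys/net/ipv4/ip_forward)" < /proc/net/tcp
if sample_table | window_is_safe 0; then
    echo "no exposure before the rules load"
else
    echo "exposed before the rules load:"
    sample_table | exposed_listeners
fi
```

UDP and IPv6 sockets live in /proc/net/udp, /proc/net/tcp6 and /proc/net/udp6 and need the same check.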

Replies

Subject Author
Re: [gentoo-security] iptables window of opportunity at startup Jon Mitchell <junk@×××××××.uk>
Re: [gentoo-security] iptables window of opportunity at startup " Staffan Emrén " <staffan.emren@×××.se>