Gentoo Archives: gentoo-security

From: Thierry Carrez <koon@g.o>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] iptables window of opportunity at startup
Date: Tue, 07 Feb 2006 18:14:43
Message-Id: 43E8E205.507@gentoo.org
In Reply to: [gentoo-security] iptables window of opportunity at startup by Jon Mitchell

Jon Mitchell wrote:

> The current behaviour of a default Gentoo install is to load iptables
> after the network has been initialised. Upon shutting down likewise
> iptables is shut down, then the network interface. This strikes me as
> presenting a window of opportunity when the computer is exposed without
> iptables, albeit a small one.
>
> Do people on this list think there is any value in re-arranging this
> order by default?

Yes I do.

Bug 76624 was trying to push that change for shorewall, maybe it's time
to reactivate it with broader scope.

--
Thierry Carrez (Koon)
Gentoo Linux Security
--
gentoo-security@g.o mailing list