Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: " Staffan Emrén " <staffan.emren@...>
Subject: Re: iptables window of opportunity at startup
Date: Sat, 4 Feb 2006 22:04:43 +0100
However, as far as I know, iptables is perfectly happy creating rules for non-existent 
interfaces. Of course this can have changed, but when I first learned to use iptables 
the doc specifically sugested setting up iptables rules before bringing up the network. 
By the way, this is what I do at my firewall (allthough it runs debian, not gentoo), 
first starting iptables and then networking. Probably it's paranoid, but that way there 
is not even a theoretical possibility of an unsecure window during boot (for example, 
if a misconfiguration brings up a vulnerable service before the firewall is up).

/Staffan Emrén

--
Societas Archaeologica Upsaliensis
018 - 10 79 30          www.sau.se


-- 
gentoo-security@g.o mailing list


References:
iptables window of opportunity at startup
-- Jon Mitchell
Re: iptables window of opportunity at startup
-- Oliver Schad
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: iptables window of opportunity at startup
Next by thread:
Re: iptables window of opportunity at startup
Previous by date:
Re: iptables window of opportunity at startup
Next by date:
Re: iptables window of opportunity at startup


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.