Note: Due to technical difficulties, the Archives are currently not up to date.
GMANE provides an alternative service for most mailing lists. c.f. bug 424647
Hi!
On Tue, 07 Feb 2006, Francois Toussenel wrote:
> On Sun, 5 Feb 2006 13:29:55 +0100 Tobias Klausmann <klausman@...> wrote:
>
> > Which *should* make iptables start before net.* (maybe except
> > net.lo). And sure enough, the boot sequence is:
>
> This depends on the runlevels in which you have iptables and net.eth0.
> Could you please post the output of the following command?
>
> # rc-update show | grep 'iptables\|net\.'
>
> By having iptables in boot and net.eth0 in default, iptables starts
> before net.eth0, but it also stops before services and of course
> net.eth0. Does somebody know a setting to avoid that?
I'm using the defaults for both (i.e. I did what's in the install
handbook):
$ rc-update show | grep 'iptables\|net\.'
iptables | default
net.eth0 | default
net.lo | boot
I really don't understand what happened on the original poster's
machine. My (wild) guess is, that somehow parallel startip messed
it up, but that would be a bug in the parallel startip code.
> (I would add that one might want to never respond to pings, for
> instance, so starting iptables between net.eth0 and services seems not
> enough.)
Why (outside of s specific attack in that area) would one *not*
respond to pings? Outside from a specific attack in that area
happening, I see no reason to do so.
Regards,
Tobias
--
You don't need eyes to see, you need vision.
--
gentoo-security@g.o mailing list
|
|
