List Archive: gentoo-security
Headers:
To: gentoo-security@g.o
From: Mariusz Pękala <skoot@...>
Subject: Re: iptables window of opportunity at startup
Date: Sat, 4 Feb 2006 23:51:13 +0100
On 2006-02-04 13:12:06 +0000 (Sat, Feb), Graham Murray wrote:
> Jon Mitchell <junk@...> writes:
> 
> > The current behaviour of a default Gentoo install is to load iptables
> > after the network has been initialised. Upon shutting down likewise
> > iptables is shut down then the network interface. This strikes me as
> > presenting a window of opportunity when the computer is exposed without
> > iptables, albeit a small one.
> >
> > Do people on this list think there is any value in re-arranging this
> > order by default?
> 
> The problem with doing the other way is that iptables rules can
> reference the specific interfaces to which the rule applies. This will
> (AFAIK) fail if the interface does not exist when the rule is
> created. Therefore iptables has to be started after the network.

AFAIK that would not happen.
You may set a rule for a non-existing interface and iptables will not
fail. If you do have two eth interfaces, try to set a rule for eth4 -
you will see (I hope) no error. I saw none.

I would vote for starting the firewall before the network, having my humble
opinion on that topic. :-)


-- 
No virus found in this outgoing message.
Checked by "grep -i virus $MESSAGE"
Trust me.
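
Added example, not part of the original message or of Gentoo's init scripts: iptables matches `-i`/`-o` by interface name when a packet is evaluated, so a rule naming an absent interface loads and stays dormant until an interface with that name appears. The shell function below lists which rules of a saved ruleset are in that state for a given set of interfaces, which helps when reviewing a ruleset that is loaded before the network; the ruleset is constructed and the names `sample_ruleset` and `absent_iface_rules` are hypothetical.

```shell
#!/bin/sh
# Added example: list rules in iptables-save output whose -i/-o interface
# is not in a given set of interface names. Helper names are hypothetical.

# Constructed ruleset in iptables-save format (not taken from the thread).
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth4 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
COMMIT
EOF
}

# $1: space-separated names of interfaces that exist right now
# stdin: ruleset in iptables-save format
absent_iface_rules() {
    awk -v present="$1" '
        BEGIN { n = split(present, p, " "); for (j = 1; j <= n; j++) have[p[j]] = 1 }
        # A trailing "+" is the iptables wildcard: "ppp+" matches ppp0, ppp1, ...
        function known(name,    k, stem) {
            if (name !~ /\+$/) return (name in have)
            stem = substr(name, 1, length(name) - 1)
            if (stem == "") return 1          # a bare "+" matches any interface
            for (k in have) if (index(k, stem) == 1) return 1
            return 0
        }
        /^-A / {
            # Print the rule once if either its -i or -o interface is absent.
            for (i = 1; i < NF; i++)
                if (($i == "-i" || $i == "-o") && !known($(i + 1))) { print; break }
        }'
}

# Early boot, only loopback is up: the eth0, eth4 and ppp+ rules are dormant.
sample_ruleset | absent_iface_rules "lo"
# On a live system (assumes Linux sysfs):
#   iptables-save | absent_iface_rules "$(ls /sys/class/net | tr '\n' ' ')"
```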


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.
