List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On 2006-02-04 13:12:06 +0000 (Sat, Feb), Graham Murray wrote:
> Jon Mitchell <junk@...> writes:
> > The current behaviour of a default Gentoo install is to load iptables
> > after the network has been initialised. Upon shutting down likewise
> > iptables is shutdown then the network interface. This strikes me as
> > presenting a window of opportunity when the computer is exposed without
> > iptables, albeit a small one.
> > Do people on this list think there is any value in re-arranging this
> > order by default?
> The problem with doing the other way is that iptables rules can
> reference the specific interfaces to which the rule applies. This will
> (AFAIK) fail if the interface does not exist when the rule is
> created. Therefore iptables has to be started after the network.
AFAIK that would not happen.
You may set a rule for non-existing interface and iptables will not
fail. If you do have two eth interfaces, try to set a rule for eth4 -
you will see (I hope) no error. I saw none.
I would vote for starting firewall before network, having my humble
opinion on that topic. :-)
No virus found in this outgoing message.
Checked by "grep -i virus $MESSAGE"