Gentoo Archives: gentoo-security

From: "Staffan Emrén" <staffan.emren@×××.se>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] iptables window of opportunity at startup
Date: Sat, 04 Feb 2006 21:10:25
In Reply to: Re: [gentoo-security] iptables window of opportunity at startup by Oliver Schad

However, as far as I know, iptables is perfectly happy creating rules for non-existent 
interfaces. Of course this may have changed, but when I first learned to use iptables 
the doc specifically suggested setting up iptables rules before bringing up the network. 
By the way, this is what I do at my firewall (although it runs Debian, not Gentoo), 
first starting iptables and then networking. Probably it's paranoid, but that way there 
is not even a theoretical possibility of an unsecure window during boot (for example, 
if a misconfiguration brings up a vulnerable service before the firewall is up).

/Staffan Emrén

Societas Archaeologica Upsaliensis
018 - 10 79 30

gentoo-security@g.o mailing list
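
The ordering discussed in the message above can be checked at boot. This is an added example, not part of the original message: the function names are hypothetical, the sample text is constructed in the shape of `iptables -S` and `ip -o link show` output, and it assumes the ruleset counts as loaded once INPUT and FORWARD default to DROP.

```shell
#!/bin/sh
# Added example: detect a boot window where an interface is up before the
# firewall policy is. All sample inputs are constructed.

chain_policy() {  # $1 = `iptables -S` text, $2 = chain; prints its policy
    printf '%s\n' "$1" | awk -v c="$2" '$1 == "-P" && $2 == c { print $3; exit }'
}

up_interfaces() {  # $1 = `ip -o link show` text; prints non-loopback UP links
    printf '%s\n' "$1" |
        awk -F': ' '$2 != "lo" && $3 ~ /<([^>]*,)?UP(,[^>]*)?>/ { print $2 }'
}

# Interfaces named by -i/-o in the rules that do not exist yet. iptables
# accepts such rules, which is what allows loading them before networking.
pending_interfaces() {  # $1 = rules text, $2 = link text
    for ifc in $(printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++)
            if ($i == "-i" || $i == "-o") print $(i+1) }' | sort -u); do
        printf '%s\n' "$2" |
            awk -F': ' -v n="$ifc" '$2 == n { f = 1 } END { exit !f }' || echo "$ifc"
    done
}

# Return 0 when there is no window (nothing but lo is up, or both chains
# already default to DROP); return 1 and report otherwise.
boot_window_check() {  # $1 = rules text, $2 = link text
    up=$(up_interfaces "$2")
    [ -z "$up" ] && return 0
    for chain in INPUT FORWARD; do
        if [ "$(chain_policy "$1" "$chain")" != "DROP" ]; then
            echo "window: $chain policy is not DROP while up: $(echo $up)" >&2
            return 1
        fi
    done
    return 0
}

RULES_LOADED='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT'
RULES_EMPTY='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'
LINKS_EARLY='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN'
LINKS_LATE="$LINKS_EARLY
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP"
```

On a live system, pass `"$(iptables -S)"` and `"$(ip -o link show)"` as the two arguments from the init step that runs between the firewall and networking scripts.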