Gentoo Archives: gentoo-security

From: xyon <xyon@×××××××××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] iptables window of opportunity at startup
Date: Tue, 07 Feb 2006 17:51:53
Message-Id: ME-1F6Wrg-0001Mt-V5@indigorobot.com
In Reply to: Re: [gentoo-security] iptables window of opportunity at startup by Francois Toussenel
I am coming into this conversation late, and I apologize if this is
already said, but:

When iptables/firewall 'stops', I have it drop all connections, so having
iptables stop before net.eth{0,1,etc} during shutdown isn't a problem.

Hope this helps


On Tue, February 7, 2006 12:16, Francois Toussenel wrote:
> On Sun, 5 Feb 2006 13:29:55 +0100 Tobias Klausmann
> <klausman@××××××××××××.de> wrote:
>
>> Which *should* make iptables start before net.* (maybe except
>> net.lo). And sure enough, the boot sequence is:
>
> This depends on the runlevels in which you have iptables and net.eth0.
> Could you please post the output of the following command?
>
> # rc-update show | grep 'iptables\|net\.'
>
> By having iptables in boot and net.eth0 in default, iptables starts
> before net.eth0, but it also stops before services and of course
> net.eth0. Does somebody know a setting to avoid that?
>
> (I would add that one might want to never respond to pings, for
> instance, so starting iptables between net.eth0 and services seems not
> enough.)
>
> Regards,
>
> Francois
> --
> gentoo-security@g.o mailing list
>
>


--
Steven McCoy
Site Development/Manager
IndigoRobot Services
http://www.indigorobot.com
mailto:stevenmccoy@×××××××××××.com

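As an added example (not code from this thread, and not Gentoo's own init scripts), here is the fail-closed "stop" state Steven describes, written as an iptables-restore ruleset, together with a small check over the output of Francois's `rc-update show` command; the function names and the sample rc-update lines are my own constructions.

```shell
#!/bin/sh
# Added example, not from the thread or from Gentoo's init scripts: the
# fail-closed "stop" state described above, as an iptables-restore ruleset,
# plus a check of rc-update runlevels. Nothing here invokes iptables.

# Ruleset to load when the firewall service stops: default DROP on every
# built-in chain, all user rules gone, loopback still allowed so local
# services keep working during shutdown.
closed_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

# On a real box the stop step would run (needs root, so left as a comment):
#   closed_ruleset | iptables-restore

# Read "rc-update show" output on stdin ("  service | runlevels" per line)
# and report whether iptables is in boot while net.eth0 is not, the
# arrangement Francois describes as starting iptables before net.eth0.
# Prints "ok" (returns 0) or "reorder" (returns 1).
check_order() {
    ipt_boot=0; eth_boot=0
    while read -r svc _ levels; do
        case "$svc" in
            iptables) case " $levels " in *" boot "*) ipt_boot=1 ;; esac ;;
            net.eth0) case " $levels " in *" boot "*) eth_boot=1 ;; esac ;;
        esac
    done
    if [ "$ipt_boot" -eq 1 ] && [ "$eth_boot" -eq 0 ]; then
        echo ok; return 0
    fi
    echo reorder; return 1
}

# Constructed sample of "rc-update show" output for a stand-alone run.
SAMPLE_RC='  iptables | boot
  net.eth0 | default'
printf '%s\n' "$SAMPLE_RC" | check_order
```

Feeding real `rc-update show | grep 'iptables\|net\.'` output into `check_order` tells you whether the runlevel layout from the thread is in place; the ruleset is what makes the shutdown ordering a non-issue.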