Gentoo Archives: gentoo-security

From: Thierry Carrez <koon@g.o>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] iptables window of opportunity at startup
Date: Tue, 07 Feb 2006 18:14:43
In Reply to: [gentoo-security] iptables window of opportunity at startup by Jon Mitchell
Jon Mitchell wrote:

> The current behaviour of a default Gentoo install is to load iptables
> after the network has been initialised. Upon shutting down likewise
> iptables is shut down then the network interface. This strikes me as
> presenting a window of opportunity when the computer is exposed without
> iptables, albeit a small one.
>
> Do people on this list think there is any value in re-arranging this
> order by default?

Yes I do. Bug 76624 was trying to push that change for shorewall, maybe
it's time to reactivate it with broader scope.

--
Thierry Carrez (Koon)
Gentoo Linux Security
--
gentoo-security@g.o mailing list