On Thu, Dec 12, 2002 at 04:18:17PM -0500, Raymond Wood wrote:
> There have been several responses to Yogesh's question, but none
> of them provide a clear and straightforward answer.  

Ok. Let me try again: this is a security risk. 

A gateway firewall _needs_ to be set up the following way:

0.- set up a default DROP policy, flush all policies
1.- start up network interfaces (but w/o forwarding)
2.- set up proper firewall rules
3.- enable forwarding

This makes sure that:

a.- the firewall cannot be attacked from the time the network is brought
up and the rules are set up (because of 0)

b.- the systems protected by the firewall cannot be attacked from the time
the network is brought up and forwarding is enabled (because 3 is done
_after_ 1 and _after_ 2)

        Clear enough now?
        Any firewall that does not start up this way is introducing a
security issue since the network (or the firewall) is _unprotected_ for
some time during startup (or when the firewall is restarted)

        Of course: IMHO, YMMV...

        Regards

        Javi
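
The start-up order 0-3 described in the message above, as an added example that is not part of the original post. It assumes iptables, eth0 as the outside and eth1 as the inside interface, and a sample rule set; `run`, `firewall_start`, `order_ok` and `DRY_RUN` are names made up for this sketch.

```shell
#!/bin/sh
# Added example: gateway start-up in the order 0-3 given in the message.
# Assumed names: eth0 = outside, eth1 = inside; the rule set is a sample.
# DRY_RUN=1 (default) prints each command instead of running it.
DRY_RUN=${DRY_RUN:-1}
EXT_IF=${EXT_IF:-eth0}
INT_IF=${INT_IF:-eth1}

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

firewall_start() {
    # 0: forwarding off, default DROP on every chain, then flush old rules
    run sysctl -w net.ipv4.ip_forward=0
    for chain in INPUT FORWARD OUTPUT; do run iptables -P "$chain" DROP; done
    run iptables -F
    run iptables -X
    # 1: interfaces up; nothing is accepted or forwarded yet
    run ip link set dev "$EXT_IF" up
    run ip link set dev "$INT_IF" up
    # 2: the real rules (sample policy: inside may open connections outward)
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A OUTPUT -o lo -j ACCEPT
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$INT_IF" -o "$EXT_IF" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$EXT_IF" -o "$INT_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # 3: only now let packets cross the gateway
    run sysctl -w net.ipv4.ip_forward=1
}

# Reads a command plan on stdin (usage: firewall_start | order_ok).
# Succeeds only if the last DROP policy precedes the first interface-up (a)
# and forwarding is enabled after the interfaces and the last rule (b).
order_ok() {
    awk '
        /^iptables -P [A-Z]+ DROP$/ { pol = NR }
        /^ip link set dev .* up$/   { if (!up) up = NR }
        /^iptables -A /             { rule = NR }
        /ip_forward=1$/             { if (!fwd) fwd = NR }
        END { exit !(pol && up && rule && fwd && pol < up && up < fwd && rule < fwd) }
    '
}

firewall_start   # prints the plan by default; DRY_RUN=0 applies it (needs root)
```

The same sequence applies when the firewall is restarted, since the message names restarts as the other window in which the network is unprotected.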
