Pierre Fortin <[EMAIL PROTECTED]> writes:
> ...
> This is minimal NAT... you probably want to firewall your
> network... There are probably many different ways to do it; but
> here's what I used to have...
>
> /etc/rc.d/rc.local:
> #rc.firewall script - Start IPMASQ and the firewall
> /etc/rc.d/rc.firewall
>
> /etc/rc.d/rc.firewall:
> See http://rob.acol.com/~wlug/files/ipchains-firewall/ipchains-firewall.htm
> and http://www.linux-firewall-tools.com/

Felix and Pierre,

rc.local is, unfortunately, not a good place to start up your
firewall. It runs much too late in the boot process. It's important
to configure ipchains *before* you enable your network interfaces so
that there won't be an interval during which you're not protected.
The startup script /etc/rc.d/init.d/ipchains which is part of
ipchains-1.3.9-6mdk.rpm is set up correctly to be started *before* the
network startup script runs. And, of course, it doesn't shut ipchains
down until after shutting down the network interfaces.
{Bryan}
--
Bryan D Howard <[EMAIL PROTECTED]>
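
The ordering requirement described in the reply above can be checked against a runlevel directory. The following is an added example, not part of the original message or of the ipchains package. It assumes the SysV layout of `S##name` / `K##name` links, and the priorities in the sample layout are constructed.

```shell
#!/bin/sh
# Added example: verify that the firewall init script starts before, and stops
# after, the network init script. Service names are assumptions (overridable).

# prio DIR S|K NAME -> print the numeric priority of the link; fail if absent
prio() {
    for f in "$1"/"$2"[0-9][0-9]"$3"; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        n=${f##*/"$2"}      # strip path and the S/K prefix
        n=${n%"$3"}         # strip the service name, leaving two digits
        echo "${n#0}"       # drop a leading zero so 08 is never read as octal
        return 0
    done
    return 1
}

# check_rc DIR [FIREWALL] [NETWORK] -> 0 ok, 1 unprotected window, 2 not present
check_rc() {
    fw=${2:-ipchains}; net=${3:-network}; seen=0
    if sn=$(prio "$1" S "$net"); then
        seen=1
        sf=$(prio "$1" S "$fw") || return 1   # network starts, firewall never does
        [ "$sf" -lt "$sn" ] || return 1       # firewall must start first
    fi
    if kf=$(prio "$1" K "$fw"); then
        seen=1
        kn=$(prio "$1" K "$net") || return 1  # firewall stops, network stays up
        [ "$kn" -lt "$kf" ] || return 1       # network must stop first
    fi
    [ "$seen" -eq 1 ] || return 2             # neither service in this runlevel
}

# Constructed sample layout (not copied from a real system).
demo=$(mktemp -d)
mkdir "$demo/rc3.d" "$demo/rc0.d"
for l in rc3.d/S08ipchains rc3.d/S10network rc3.d/S99local \
         rc0.d/K90network rc0.d/K92ipchains; do : > "$demo/$l"; done
for d in rc3.d rc0.d; do
    check_rc "$demo/$d" && echo "$d: firewall ordering ok"
done
# Model a firewall launched from rc.local: S99local runs after S10network.
check_rc "$demo/rc3.d" local || echo "rc3.d: 'local' starts after network"
rm -rf "$demo"
```

On a real system, point `check_rc` at each runlevel directory in use, for example `/etc/rc.d/rc3.d`.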