the same should be true for gentoo...
there is a bug already: http://bugs.gentoo.org/show_bug.cgi?id=27087
Thomas T. Veldhouse wrote:
The problem I see with this method of using the iptables initscript is that it starts after network (obviously). Network starts via net.ethX and has defaulted everything to WIDE OPEN ... accept all packets! It is not until after the iptables script is run that the network becomes protected (assuming a decent firewall). Granted, the period of time things are open is small, but it is a security hole. FreeBSD for instance will default to all network traffic denied until firewall rules are set to tell it otherwise. This should be the Linux default as well IMHO.
There probably should be a knob in the network scripts to block all network activity until the firewall scripts run to tell it otherwise. Perhaps a simple switch in /etc/conf.d/net that says FIREWALL=true which would force the default to be to deny all packets.
Tom Veldhouse
gabriel wrote:
On November 19, 2003 02:59 pm, Tiago Lima wrote:
Sorry for this newbie question but what is the "best" way to start iptables (and rules) on boot time?
Hmmm. While I can't tell you the "best" way, I can tell you what I did. I wrote a startup script with the following contents. It may not have been the best route to go, but this way, I have a panic button if I need it ;-)
#!/sbin/runscript
#
# rc.firewall
# firewall script for alexandria
#

opts="start stop panic"

depend() {
    need net
}

start() {
    ebegin "Enabling firewall"
    # >>>>>>>>>>>>>>>> firewall rules go here <<<<<<<<<<<<<<<<
    eend $?
}

stop() {
    ebegin "Disabling firewall"
    # open the policies first so the flush below cannot lock us out
    iptables --policy INPUT ACCEPT
    iptables --policy OUTPUT ACCEPT
    iptables --policy FORWARD ACCEPT
    iptables -t filter --flush
    iptables -t filter --delete-chain
    eend $?
}

panic() {
    ebegin "SHIELDS! WHERE ARE MY SHIELDS???"
    # drop every rule, keep loopback working, then default to DROP
    # (the FORWARD policy is left as it was)
    iptables -t filter --flush
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    iptables --policy INPUT DROP
    iptables --policy OUTPUT DROP
    iptables -t filter --delete-chain
    eend $?
}
-- understand that legal and illegal are political, and often arbitrary, categorizations; use and abuse are medical, or clinical, distinctions. - abbie hoffman
-- [EMAIL PROTECTED] mailing list
-- Bryan Whitehead Email:[EMAIL PROTECTED] WorkE:[EMAIL PROTECTED]
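One way to close the open window Tom describes, as an added example that is not from any poster in this thread and not Gentoo's own iptables script: a second runscript that puts the filter table into default-deny before net.* starts, leaving the real firewall script (which still does `need net`) to replace the DROP-everything state with its rules. It assumes the rc-script keywords `before`/`need` and the `ebegin`/`eend` helpers used in gabriel's script, a hypothetical script name /etc/init.d/firewall-lockdown, and an `IPTABLES` variable (my addition) so the command list can be dry-run without root.

```shell
#!/sbin/runscript
# Hypothetical /etc/init.d/firewall-lockdown (added example, not from the thread).
# Ordered BEFORE net.* so the filter table is default-deny from the moment an
# interface comes up; the real firewall script (need net) later replaces this.

IPTABLES="${IPTABLES:-iptables}"   # path to iptables; overridable for dry runs

depend() {
    before net
}

# Emit, one per line, the commands that put the filter table into a
# default-deny state. Loopback stays open so local daemons keep working.
lockdown_rules() {
    cat <<EOF
$IPTABLES -t filter --flush
$IPTABLES -t filter --delete-chain
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT
$IPTABLES --policy INPUT DROP
$IPTABLES --policy FORWARD DROP
$IPTABLES --policy OUTPUT DROP
EOF
}

# Run each command in order; the first failure aborts with a non-zero status
# so rc marks the service failed instead of pretending the box is locked down.
apply_rules() {
    lockdown_rules | while IFS= read -r cmd; do
        $cmd || exit 1
    done
}

start() {
    ebegin "Locking down network until the firewall rules are loaded"
    apply_rules
    eend $?
}

# Stopping this service deliberately leaves the policies alone: only the
# real firewall script (or an explicit "iptables --policy ... ACCEPT") reopens.
stop() {
    ebegin "Leaving lockdown policies in place"
    eend 0
}
```

Pair it with `depend() { need net; after firewall-lockdown; }` in the main firewall script so its rules always land on top of the closed state rather than on an open one.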