On Sat, 14 Dec 2002, bong sabolboro wrote:
> I am currently implementing a firewall using a
> notebook and Debian Woody. What is the best place to
> put the firewall rules that I want implemented for my
> local setup?
There are a few possible alternatives. The main point is that you want
your fi
On Sat, 14 Dec 2002, bong sabolboro wrote:
> I am currently implementing a firewall using a
> notebook and Debian Woody. What is the best place to
> put the firewall rules that I want implemented for my
> local setup?
There are a few possible alternatives. The main point is that you want
your fi
bong sabolboro, 2002-Dec-15 19:43 -0800:
> All of these discussions deal with the rules. Where
> would one place the routing and forwarding commands
> considering they should be last to be activated after
> rules have been set up, in case="start" of
> /etc/init.d/networking?
Here's the order of
All of these discussions deal with the rules. Where
would one place the routing and forwarding commands
considering they should be last to be activated after
rules have been set up, in case="start" of
/etc/init.d/networking?
Thanks to all who shared their expertise in the
discussions here. I've
bong sabolboro, 2002-Dec-15 19:43 -0800:
> All of these discussions deal with the rules. Where
> would one place the routing and forwarding commands
> considering they should be last to be activated after
> rules have been set up, in case="start" of
> /etc/init.d/networking?
Here's the order of
All of these discussions deal with the rules. Where
would one place the routing and forwarding commands
considering they should be last to be activated after
rules have been set up, in case="start" of
/etc/init.d/networking?
Thanks to all who shared their expertise in the
discussions here. I've
Nicolas Boullis <[EMAIL PROTECTED]> writes:
[snip]
>> # Drop spoofed packets
>> iptables -A INPUT -i eth0 -j DROP -s 192.168.1.3 -d 0.0.0.0/0
What about outgoing spoofed packets? They didn't get dropped in this script
at all. It's only a selfish half-hearted firewall if all it does is to
protect
Hi!
On Sun, Dec 15, 2002 at 09:07:21AM -0800, Torrin wrote:
> /etc/network/if-pre-up.d/iptables
>
> #!/bin/sh
>
> if [ `uname -r | cut -b -3` != "2.4" ]; then
> # echo "Not a 2.4 kernel. Exiting iptables firewall script.";
>exit 0;
> fi
>
> # This deletes existing tables
> iptables -F
>
On Sun, 15/12/2002 10:24 +0100, Vasarhelyi asd Daniel wrote:
> Putting it into /etc/rc.boot will not harm the system. I think it's the
> best place to put the script, it's ran before entering runlevel-2 which
> sets up network interfaces.
"The /etc/rc.boot directory is obsolete. It has been supers
Nicolas Boullis <[EMAIL PROTECTED]> writes:
[snip]
>> # Drop spoofed packets
>> iptables -A INPUT -i eth0 -j DROP -s 192.168.1.3 -d 0.0.0.0/0
What about outgoing spoofed packets? They didn't get dropped in this script
at all. It's only a selfish half-hearted firewall if all it does is to
protect
Hi!
On Sun, Dec 15, 2002 at 09:07:21AM -0800, Torrin wrote:
> /etc/network/if-pre-up.d/iptables
>
> #!/bin/sh
>
> if [ `uname -r | cut -b -3` != "2.4" ]; then
> # echo "Not a 2.4 kernel. Exiting iptables firewall script.";
>exit 0;
> fi
>
> # This deletes existing tables
> iptables -F
>
On Sun, 15/12/2002 10:24 +0100, Vasarhelyi asd Daniel wrote:
> Putting it into /etc/rc.boot will not harm the system. I think it's the
> best place to put the script, it's ran before entering runlevel-2 which
> sets up network interfaces.
"The /etc/rc.boot directory is obsolete. It has been supers
Putting it into /etc/rc.boot will not harm the system. I think it's the
best place to put the script, it's ran before entering runlevel-2 which
sets up network interfaces.
asd
--
Daniel "asd" Vasarhelyi
PGP key avaible at http://asd.musichello.com/gpg-pub.key and public keyservers
Key fingerprint
Hi,
Torrin <[EMAIL PROTECTED]> writes:
> > I presume you call these scripts from some other
> > script? From /etc/init.d/networking perhaps?
> No need to. I've never seen documentation on this, but from what I
> understand, if you put a script in the if-pre-up.d directory it gets
> call automati
> networking goes down. Can anybody point us to the relevant
> documentation?
last I knew there wasn't any, it was a todo item
I wrote a quicky stub logger that logs its environment and how it was
called, this is what I found:
called as "/etc/network/if-pre-up.d/pre-up" (no arguments), nothing
Putting it into /etc/rc.boot will not harm the system. I think it's the
best place to put the script, it's ran before entering runlevel-2 which
sets up network interfaces.
asd
--
Daniel "asd" Vasarhelyi
PGP key avaible at http://asd.musichello.com/gpg-pub.key and public keyservers
Key fingerprint
Hi,
Torrin <[EMAIL PROTECTED]> writes:
> > I presume you call these scripts from some other
> > script? From /etc/init.d/networking perhaps?
> No need to. I've never seen documentation on this, but from what I
> understand, if you put a script in the if-pre-up.d directory it gets
> call automati
> networking goes down. Can anybody point us to the relevant
> documentation?
last I knew there wasn't any, it was a todo item
I wrote a quicky stub logger that logs its environment and how it was
called, this is what I found:
called as "/etc/network/if-pre-up.d/pre-up" (no arguments), nothing
> /etc/network/if-pre-up.d/iptables
Oops, that second script is supposed to be
/etc/network/if-post-down.d/iptables
^^
> #!/bin/sh
>
> if [ `uname -r | cut -b -3` != "2.4" ]; then
> # echo "Not a 2.4 kernel. Exiting iptables firewall script.";
>exit 0;
> fi
>
> #
> I presume you call these scripts from some other
> script? From /etc/init.d/networking perhaps?
No need to. I've never seen documentation on this, but from what I
understand, if you put a script in the if-pre-up.d directory it gets
call automatically just before networking comes up. Also, if yo
> /etc/network/if-pre-up.d/iptables
Oops, that second script is supposed to be
/etc/network/if-post-down.d/iptables
^^
> #!/bin/sh
>
> if [ `uname -r | cut -b -3` != "2.4" ]; then
> # echo "Not a 2.4 kernel. Exiting iptables firewall script.";
>exit 0;
> fi
>
> #
> I presume you call these scripts from some other
> script? From /etc/init.d/networking perhaps?
No need to. I've never seen documentation on this, but from what I
understand, if you put a script in the if-pre-up.d directory it gets
call automatically just before networking comes up. Also, if yo
--- Kjetil Kjernsmo <[EMAIL PROTECTED]> wrote:
> On Saturday 14 December 2002 22:53, bong sabolboro
> wrote:
> > I am currently implementing a firewall using a
> > notebook and Debian Woody. What is the best place
> to
> > put the firewall rules that I want implemented for
> my
> > local setup?
>
On Saturday 14 December 2002 22:53, bong sabolboro wrote:
> I am currently implementing a firewall using a
> notebook and Debian Woody. What is the best place to
> put the firewall rules that I want implemented for my
> local setup?
Check out the "Securing Debian Manual", specifically section 5.1
> What is the best place to
> put the firewall rules that I want implemented for my
> local setup?
I made them into a script and put them in.
/etc/network/if-pre-up.d
/etc/network/if-post-down.d
--
http://www.torrin.net
I am currently implementing a firewall using a
notebook and Debian Woody. What is the best place to
put the firewall rules that I want implemented for my
local setup?
Do I make a new script in /etc/init.d and make links
to it from the various run levels or do I place them
within network script?
--- Kjetil Kjernsmo <[EMAIL PROTECTED]> wrote:
> On Saturday 14 December 2002 22:53, bong sabolboro
> wrote:
> > I am currently implementing a firewall using a
> > notebook and Debian Woody. What is the best place
> to
> > put the firewall rules that I want implemented for
> my
> > local setup?
>
On Saturday 14 December 2002 22:53, bong sabolboro wrote:
> I am currently implementing a firewall using a
> notebook and Debian Woody. What is the best place to
> put the firewall rules that I want implemented for my
> local setup?
Check out the "Securing Debian Manual", specifically section 5.1
> What is the best place to
> put the firewall rules that I want implemented for my
> local setup?
I made them into a script and put them in.
/etc/network/if-pre-up.d
/etc/network/if-post-down.d
--
http://www.torrin.net
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubsc
I am currently implementing a firewall using a
notebook and Debian Woody. What is the best place to
put the firewall rules that I want implemented for my
local setup?
Do I make a new script in /etc/init.d and make links
to it from the various run levels or do I place them
within network script?
30 matches
Mail list logo
