Re[2]: iptables how ?

Jonathan B. Bayer Mon, 17 Sep 2001 05:38:50 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Jack,

Isn't paranoia such a wonderful thing?

In reality, unless you have a big red target painted on your site, the
chances of a script kiddie hitting your system AND doing damage in the
two second frame is so small os to be laughable.

I've been using ipchains up until now (am switching to iptables soon),
and simply had my chains rules execute right after the network came up.
I timed it, the kiddies had maybe 1/2 a second in which to do something.
And unless there are network services running, they wouldn't be able to
do anything anyway.


JBB


Sunday, September 16, 2001, 1:49:33 AM, you wrote:

JB> ** Reply to message from Rob Unsworth <[EMAIL PROTECTED]> on Sun, 16 Sep
JB> 2001 10:22:00 -1000 (GMT+10)


>> I recently installed RH 7.1 on a test box without a firewall, now that I
>> want to set up a firewall, I can find plenty of info on iptable rulesets
>> but nothing on the process of setup ie, where to put everything, what
>> steps to take.

JB> Since iptables has the ability to define rules for interfaces that are not yet
JB> activated, an iptables script will theoretically be most effective if executed
JB> before your network interfaces are initialized. Thus, IMHO,  the best place for
JB> this script is to place it in the initscripts before the network script (which
JB> is S10network in RH initscripts). I have an S09firewall before the S10network.

JB> Of course, you could live dangerously and put the script in rc.local and hope
JB> that no script kiddie hits your box in the 4 or 5 seconds it takes to go from
JB> initializing the network interfaces to running the rc.local which is always the
JB> last to be run.

JB> Jack Bowling
JB> mailto: [EMAIL PROTECTED]



JB> _______________________________________________
JB> Seawolf-list mailing list
JB> [EMAIL PROTECTED]
JB> https://listman.redhat.com/mailman/listinfo/seawolf-list



- --
Best regards,
 Jonathan                            mailto:[EMAIL PROTECTED]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjul6nsACgkQxQhxe/20cF5r6wCfZ7Zy9BzA/RcQs1gDTr2Deci8
wPkAnRjSeyfrAAVeJNeiSa2Nnw1CXJ5y
=f4Ak
-----END PGP SIGNATURE-----



_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
Re[2]: iptables how ?

Reply via email to
