From: Jason Costomiris <jcostom@jasons.org>
To: Dorian Haasler <dorian@uptime.at>
Cc: 'Denis JULIEN' <denis.julien@vupublishing.net>,
	"'Mike G. Hammonds'" <mhammonds@knowledgeinenergy.com>,
	"'Iptables-User-list (E-mail)'" <netfilter@lists.samba.org>
Subject: Re: Redhat 7.2 Kernel
Date: Wed, 10 Jul 2002 09:10:02 -0400
Message-ID: <20020710131001.GA1557@jasons.org>
In-Reply-To: <000c01c227ed$4f5a8520$050b10ac@tuq155u4834h40>

On Wed, Jul 10, 2002 at 10:39:24AM +0200, Dorian Haasler wrote:
: Why use rc.firewall scripts with RedHat? Write your script and at
: the end of it use "iptables-save" to store the information!
: At the next reboot the iptables settings will be the same and you
: don't need to run your script every time. Changes can be done in
: /etc/sysconfig/iptables
: where the rules were stored!

One reason in particular to NOT run an rc.firewall out of rc.local on RedHat
(or any other system for that matter) is that by that time you've already 
brought up your network interfaces.  There's a window that's short, but is
still nonetheless exploitable to do damage.

RH loads the iptables policies FIRST, then brings up the i/f's.  

So basically, run your script, then run "service iptables save", and make
sure that iptables starts at boot.  You'll most likely also want to have
a look at /etc/sysctl.conf to tweak the ip forwarding setting.

-- 
Jason Costomiris <><           |  Technologist, geek, human.
jcostom {at} jasons {dot} org  |  http://www.jasons.org/ 
          Quidquid latine dictum sit, altum viditur.
                    My account, My opinions.
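
The boot-order point in the message above can be checked on a SysV-init system; the following is an added example, not part of the original message. It assumes start links of the form `SNNname` in a runlevel directory such as `/etc/rc.d/rc3.d`, the service names `iptables` and `network`, and the `net.ipv4.ip_forward` key in `/etc/sysctl.conf`; none of these appear in the thread.

```shell
#!/bin/sh
# Added example: verify the firewall rules load before the interfaces come up.
# Assumptions (not from the message): SysV start links named SNNservice,
# services called "iptables" and "network", key net.ipv4.ip_forward.

# start_prio DIR SERVICE -> prints NN from DIR/SNNSERVICE; fails if no start link
start_prio() {
    for link in "$1"/S[0-9][0-9]"$2"; do
        # an unmatched glob stays literal, so test that the link really exists
        [ -e "$link" ] || [ -L "$link" ] || return 1
        name=${link##*/}
        prio=${name#S}
        printf '%s\n' "${prio%"$2"}"
        return 0
    done
    return 1
}

# firewall_before_network DIR
#   0: iptables starts before network (no exposure window at boot)
#   1: network starts first, interfaces are up before the rules load
#   2: iptables has no start link in this runlevel at all
firewall_before_network() {
    fw=$(start_prio "$1" iptables) || return 2
    net=$(start_prio "$1" network) || return 0   # network not started here
    # strip one leading zero so "08" is compared as a plain decimal number
    [ "${fw#0}" -lt "${net#0}" ]
}

# ip_forward_value FILE -> last value assigned to net.ipv4.ip_forward in FILE
ip_forward_value() {
    sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' "$1" |
        tail -n 1
}

# Usage: sh bootorder.sh /etc/rc.d/rc3.d /etc/sysctl.conf
if [ "$#" -eq 2 ]; then
    if firewall_before_network "$1"; then
        echo "ok: iptables rules load before the interfaces come up"
    else
        echo "warning: iptables is not started ahead of network in $1"
    fi
    echo "net.ipv4.ip_forward = $(ip_forward_value "$2")"
fi
```

A result of 1 or 2 means the rules are applied only after the interfaces are already up, or not at boot at all, which is the window the message describes.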

