From: Jason Opperisano <opie@817west.com>
To: netfilter@lists.netfilter.org
Subject: Re: Requiste for starting service iptables
Date: Wed, 18 May 2005 11:20:01 -0400 [thread overview]
Message-ID: <20050518152001.GA4924@bender.817west.com> (raw)
In-Reply-To: <20050517205816.87529.qmail@web8407.mail.in.yahoo.com>
On Tue, May 17, 2005 at 09:58:16PM +0100, haynes george wrote:
> hi...
>
> i am trying to find out the services which should be
> started before the service iptables can be started.
>
> I have read thru the /etc/rc.d/init.d script and i
> think iptables depends on service network
>
> Does it depend on any other service to start...???Is
> there any method to know this ?
>
> I need to know this cause its for my college project.
there is no strict reason why the iptables startup script would depend
on networking being up. there's actually a pretty good argument that
iptables should start before networking is brought up to reduce
(eliminate?) the window of opportunity where the interfaces have IP
addresses, but no firewall rules are loaded.
one reason i could see why some people/vendors would want to wait for
networking to startup before iptables starts, is if the interfaces have
dynamic IP addresses that need to be calculated for the rules to be
loaded.
from a purely academic perspective, i would say that your firewall rules
should load before your interfaces have IP addresses.
-j
--
"Stewie: Forecast for tomorrow; A few sprinkles of genius with a chance
of doom."
--Family Guy
prev parent reply other threads:[~2005-05-18 15:20 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-05-17 20:58 Requiste for starting service iptables haynes george
2005-05-18 15:20 ` Jason Opperisano [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050518152001.GA4924@bender.817west.com \
--to=opie@817west.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox