[994] in linux-security and linux-alert archive
[linux-security] Suggestion for Linux default fw policy (fwd)
daemon@ATHENA.MIT.EDU (Rogier Wolff)
Fri Aug 9 15:03:51 1996
To: linux-security@tarsier.cv.nrao.edu
Date: Fri, 9 Aug 1996 17:52:25 +0200 (METDST)
From: R.E.Wolff@BitWizard.nl (Rogier Wolff)
X-Return-Receipt-To: wolff@erasmus.et.tudelft.nl

Graeme Elsworthy <graemee@tplrd.tpl.oz.au> wrote:
> Why? Because for the time between an interface being ifconfig'ed and
> the filtering rules being set the interface is set to "accept" all and
> every packet. This is not good. Especially if, as in my case, a reboot
> freezes between the ifconfig and the setting of the filtering rules - the
> interface is up and forwarding all packets, not filtering packets as
> needed, and nothing but manual intervention could fix it.
>
> Any comments?

Yes. This is why Jos Vos (author of ipfwadm) recommends first setting
your firewall rules, and only then ifconfig-ing the devices to go UP.
:-)
Roger.
--
/* EMail: R.E.Wolff@BitWizard.nl */ int main (int argc,char**argv){
/* Tel: +31-15-2137459 */ if (*++argv&&!strcmp(*argv,"-advice"))
/* WWW: http://www.BitWizard.nl/ */ {printf("Don't Panic!\n");exit(42);}}
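
The ordering recommended in the reply above can be checked mechanically in a boot script. The following is an added example, not part of the original message or of ipfwadm: the function name `check_fw_order` and the sample scripts are constructed, and it assumes that "safe" means ipfwadm default policies of deny or reject on both the input (`-I`) and forward (`-F`) chains before any non-loopback `ifconfig`.

```shell
# Added example: lint a boot script for "firewall rules first, ifconfig after".
# Reads the script from the named file (or stdin) and prints "ok", or
# "exposed:<line>:<command>" for the first interface configured too early.
# Assumption: any "ifconfig <iface> <args>" without "down" brings it up.
check_fw_order() {
    awk '
        { sub(/#.*/, "") }                      # ignore comments
        $1 ~ /(^|\/)ipfwadm$/ {
            chain = ""; policy = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "-I" || $i == "-O" || $i == "-F") chain = $i
                if ($i == "-p") policy = $(i + 1)
            }
            if (chain != "" && (policy == "deny" || policy == "reject"))
                locked[chain] = 1               # default policy now closed
            next
        }
        $1 ~ /(^|\/)ifconfig$/ && NF >= 3 && $2 != "lo" {
            down = 0
            for (i = 3; i <= NF; i++) if ($i == "down") down = 1
            if (!down && !(locked["-I"] && locked["-F"])) {
                printf "exposed:%d:%s\n", NR, $0
                bad = 1; exit
            }
        }
        END { if (!bad) print "ok" }
    ' "$@"
}

# Constructed sample: interface comes up before the policies are set.
check_fw_order <<'EOF'
ifconfig lo 127.0.0.1
ifconfig eth0 192.0.2.1 netmask 255.255.255.0 up
ipfwadm -I -p deny
ipfwadm -F -p deny
EOF

# Constructed sample: policies first, then the interface.
check_fw_order <<'EOF'
ifconfig lo 127.0.0.1
/sbin/ipfwadm -I -p deny      # closed before any external interface exists
/sbin/ipfwadm -F -p deny
/sbin/ifconfig eth0 192.0.2.1 netmask 255.255.255.0 up
EOF
```

The first sample prints `exposed:2:...` and the second prints `ok`.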