[994] in linux-security and linux-alert archive


[linux-security] Suggestion for Linux default fw policy (fwd)

daemon@ATHENA.MIT.EDU (Rogier Wolff)
Fri Aug 9 15:03:51 1996

To: linux-security@tarsier.cv.nrao.edu
Date: Fri, 9 Aug 1996 17:52:25 +0200 (METDST)
From: R.E.Wolff@BitWizard.nl (Rogier Wolff)
X-Return-Receipt-To: wolff@erasmus.et.tudelft.nl

 Graeme Elsworthy <graemee@tplrd.tpl.oz.au> wrote:

> Why?  Because for the time between an interface being ifconfig'ed and
> the filtering rules being set the interface is set to "accept" all and
> every packet.  This is not good.  Especially if, as in my case, a reboot
> freezes between the ifconfig and the setting of the filtering rules - the
> interface is up and forwarding all packets, not filtering packets as
> needed, and nothing but manual intervention could fix it.
> 
> Any comments?

Yes. This is why Jos Vos (author of ipfwadm) recommends first setting
your firewall rules, and only then ifconfig-ing the devices to go UP.

:-)

                                        Roger.

-- 
/* EMail: R.E.Wolff@BitWizard.nl   */ int main (int argc,char**argv){
/*   Tel: +31-15-2137459           */ if (*++argv&&!strcmp(*argv,"-advice")) 
/*   WWW: http://www.BitWizard.nl/ */   {printf("Don't Panic!\n");exit(42);}}
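
One way to check a boot script for the window discussed in this thread, as an added example that is not part of the original message or of ipfwadm. The function name check_fw_order and the sample script are constructed; it assumes one command per line and the "ipfwadm -F -p deny|reject" form for the default forwarding policy.

```shell
#!/bin/sh
# check_fw_order FILE
# Returns 0 when FILE sets a default deny/reject forwarding policy before it
# first activates a non-loopback interface, 1 otherwise.
# Assumptions: one command per line; "ifconfig IFACE <args>" without "down"
# activates the interface (net-tools brings an interface up implicitly when
# an address is assigned, so an explicit "up" is not required).
check_fw_order() {
    awk '
    /^[ \t]*#/ { next }                       # skip comment lines
    {
        for (i = 1; i <= NF; i++) {
            # first line that sets the default forwarding policy to deny/reject
            if ($i ~ /ipfwadm$/ && $(i+1) == "-F" && $(i+2) == "-p" &&
                ($(i+3) == "deny" || $(i+3) == "reject") && !policy)
                policy = NR
            # first line that configures an interface other than lo
            if ($i ~ /ifconfig$/ && i + 1 < NF && $(i+1) !~ /^(-|lo)/ && !up) {
                down = 0
                for (j = i + 2; j <= NF; j++) if ($j == "down") down = 1
                if (!down) up = NR
            }
        }
    }
    END {
        if (!up)         { print "ok: no interface activated"; exit 0 }
        if (!policy)     { print "FAIL: line " up " activates an interface, no default deny policy set"; exit 1 }
        if (policy > up) { print "FAIL: interface up at line " up ", policy only set at line " policy; exit 1 }
        print "ok: policy at line " policy ", interface up at line " up
    }' "$1"
}

# Constructed sample: an rc script with the ordering problem from the quoted text.
demo=$(mktemp)
cat > "$demo" <<'EOF'
/sbin/ifconfig eth0 192.0.2.1 netmask 255.255.255.0
/sbin/ipfwadm -F -p deny
EOF
check_fw_order "$demo" || true
rm -f "$demo"
```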
