Iptables initialization

Carsten P. Gehrke Carsten at rollinghorse.com
Thu Feb 12 23:56:09 PST 2004


ken_i_m at elegantinnovations.net wrote:

I have noticed that the network is initialized and working before the
firewall.  A gap.  One I have never measured but always assumed (at least
while I did not have time to do anything about it in any case) to be small
enough that it was an OK tradeoff.

==========

I changed the order long ago, when I set up my first LFS box.  I run the 
firewall script first, then start networking, and stop networking before I 
tear down the firewall.  The gap was my concern, and I didn't see any 
reason why networking had to be up before the iptables were 
set.  Everything seems to work alright.  I've been wondering if I should 
add some sort of flag that indicates the firewall is built as intended, and 
have the network script test it before it activates the interfaces.


BTW, what's the proper way to reply to a message in the digest?


-- 
Carsten Gehrke     LFS No.: 190    using Linux since kernel 0.98
carsten at gehrke.org                 http://tech.rollinghorse.com/
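
The flag idea from the message above, as an added example that is not part of the original post or of the LFS bootscripts: the firewall script sets a flag only after checking the loaded policies, and the network script refuses to bring up interfaces without it. The flag path `FIREWALL_FLAG`, the function names and the "INPUT and FORWARD must default to DROP" criterion are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: gate interface activation on a "firewall is built" flag.
# FIREWALL_FLAG and the required policies are assumptions, not from the post.

# The flag must live on storage that is emptied at every boot (e.g. a tmpfs),
# otherwise a stale flag from the previous boot would pass the check.
FIREWALL_FLAG="${FIREWALL_FLAG:-/run/firewall.ready}"

# Read `iptables -S` output on stdin; succeed only if both the INPUT and
# FORWARD chains have a default policy of DROP.
policies_are_drop() {
    awk '
        $1 == "-P" && $2 == "INPUT"   && $3 == "DROP" { input = 1 }
        $1 == "-P" && $2 == "FORWARD" && $3 == "DROP" { forward = 1 }
        END { exit !(input && forward) }
    '
}

# Called at the end of the firewall script, e.g. `iptables -S | mark_firewall_ready`.
# Sets the flag only when the loaded ruleset matches what was intended,
# and clears it otherwise.
mark_firewall_ready() {
    if policies_are_drop; then
        : > "$FIREWALL_FLAG"
    else
        rm -f "$FIREWALL_FLAG"
        return 1
    fi
}

# Called at the start of the network script, before any interface is
# brought up. Fails closed: no flag, no networking.
network_may_start() {
    [ -f "$FIREWALL_FLAG" ]
}

# Called when the firewall is torn down, after networking has stopped.
clear_firewall_flag() {
    rm -f "$FIREWALL_FLAG"
}

# Constructed sample of `iptables -S` output for a default-deny ruleset.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
```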




More information about the hlfs-dev mailing list