[wellylug] Connecting to the external world

Richard Hector rhector at actrix.gen.nz
Sat Jan 19 15:34:02 NZDT 2002


Edouard CHALARON wrote:
> 
> and moved this
> 
> ipchains -P forward DENY
> ipchains -A forward -s 192.168.1.0/24 -j MASQ
> 
> from /etc/rc.d/rc.local to /etc/ppp/ip-up.local

Hmm ... you might not consider this worth worrying about, but:

What is the policy before this script runs? Forward everything?

Now, as I understand it, ip-up runs after the ppp link comes up - and
this local script is probably called by the main one. So there's a small
delay, during which you have no firewall. Admittedly it's short, and
it's difficult to get anything with a private destination address routed
to your box, but I see it as a kind of "It'll never happen to me"
vulnerability. Which is why my firewall rules are enabled before any
interfaces come up.

Any other thoughts on this?

Richard

-- 
I'm currently looking for work; see my Curriculum Vitae here:
http://homepages.paradise.net.nz/~rhector/cv.html
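
Added example (not part of the original post): a guard that /etc/ppp/ip-up.local could run first, to confirm the forward chain was already set to DENY at boot instead of being set only after the link is up. It assumes the listing header has the form "Chain forward (policy X):"; the function names and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Real use, early in ip-up.local (assumes ipchains is installed):
#   ipchains -L forward -n | forward_locked || logger "forward chain was open at link-up"

# Print the default policy of the forward chain from a listing on stdin.
forward_policy() {
    sed -n 's/^Chain forward (policy \([A-Z]*\)).*$/\1/p' | head -n 1
}

# Succeed only if the listing on stdin shows forward defaulting to DENY or REJECT.
# An empty or unparseable listing counts as not locked (fail closed).
forward_locked() {
    case "$(forward_policy)" in
        DENY|REJECT) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample listings, not captured from a real machine.
# State before any rules script has run: kernel default policy.
SAMPLE_OPEN='Chain forward (policy ACCEPT):'
# State when the policy and MASQ rule were loaded before the link came up.
SAMPLE_LOCKED='Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.1.0/24       0.0.0.0/0             n/a'

# Classify a listing passed as $1: "ok" if forwarding was already locked down,
# "exposed" if packets could have been forwarded in the window before the rules.
check_listing() {
    if printf '%s\n' "$1" | forward_locked; then
        echo "ok"
    else
        echo "exposed"
    fi
}

echo "boot-time rules:   $(check_listing "$SAMPLE_LOCKED")"
echo "ip-up-only rules:  $(check_listing "$SAMPLE_OPEN")"
```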
