[wellylug] Connecting to the external world
Richard Hector
rhector at actrix.gen.nz
Sat Jan 19 15:34:02 NZDT 2002
Edouard CHALARON wrote:
>
> and moved this
>
> ipchains -P forward DENY
> ipchains -A forward -s 192.168.1.0/24 -j MASQ
>
> from /etc/rc.d/rc.local to /etc/ppp/ip-up.local
Hmm ... you might not consider this worth worrying about, but:
What is the policy before this script runs? Forward everything?
Now, as I understand it, ip-up runs after the ppp link comes up - and
this local script is probably called by the main one. So there's a small
delay, during which you have no firewall. Admittedly it's short, and
it's difficult to get anything with a private destination address routed
to your box, but I see it as a kind of "It'll never happen to me"
vulnerability. Which is why my firewall rules are enabled before any
interfaces come up.
Any other thoughts on this?
Richard
--
I'm currently looking for work; see my Curriculum Vitae here:
http://homepages.paradise.net.nz/~rhector/cv.html
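
A static check for the ordering gap raised in the message above, as an added example that is not part of the original post: it classifies a boot-time script and a post-link script by whether a restrictive forward policy is set before the ppp link can come up. The function names and the closed/window/open labels are made up for this illustration; it only reads the scripts and does not confirm the live chain policy or whether IP forwarding is enabled.

```shell
#!/bin/sh
# Added example (not from the thread): static check for the ordering gap.
# Assumed layout: one script run at boot before any link exists, and one run
# by pppd after the link is up (/etc/rc.d/rc.local and /etc/ppp/ip-up.local
# in the thread).

# Print the last policy a script sets on the forward chain, or nothing.
# Comments are stripped first so a disabled rule does not count.
forward_policy_in() {
    [ -r "$1" ] || return 0
    sed 's/#.*//' "$1" | awk '
        { for (i = 1; i + 3 <= NF; i++)
              if (($i == "ipchains" || $i ~ /\/ipchains$/) &&
                  $(i+1) == "-P" && $(i+2) == "forward")
                  p = $(i+3) }
        END { if (p != "") print p }'
}

# closed: forward policy is restrictive before the link can come up
# window: only the post-link script restricts it, so there is a gap
# open:   neither script sets a restrictive forward policy
audit_forward_policy() {
    boot=$(forward_policy_in "$1")
    ipup=$(forward_policy_in "$2")
    case "$boot" in DENY|REJECT) echo closed; return 0 ;; esac
    case "$ipup" in DENY|REJECT) echo window; return 0 ;; esac
    echo open
}

# Constructed sample: the arrangement quoted above, both rules in ip-up.local.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# no firewall rules here' > "$d/rc.local"
    printf '%s\n' 'ipchains -P forward DENY' \
                  'ipchains -A forward -s 192.168.1.0/24 -j MASQ' > "$d/ip-up.local"
    audit_forward_policy "$d/rc.local" "$d/ip-up.local"
    rm -rf "$d"
}

if [ $# -eq 2 ]; then audit_forward_policy "$1" "$2"; else demo; fi
```

Run with two paths to audit real scripts; with no arguments it runs the constructed sample. A result of "closed" corresponds to keeping the policy line in the boot script and leaving only the MASQ rule in the post-link script.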