le /proc/sysctl features, what's wrong
> > with this ?
> 
> The point is that the ipchains can NOT be set up until the assigned
> IP, network IP, and the assigned name servers are known, since the
> rules need to use these.
> 


the main thing that you all aren't getting at is the external ppp0 ip
address. without that you can't do some stuff, so if you try to get the ip addr
via ifconfig and then later use it as a variable it fails horribly, and
you will need to press Ctrl-C to terminate the script

there are a couple of workarounds, we can place a custom rc.firewall in
/etc/ppp, or we could do a global rc.firewall, and some other
if-specific rc.firewall (that would be rc.firewall.eth0, rc.firewall.ppp0
etc and we place those in /etc/rc.d ..)



> In the case of kppp the firewall and /proc features setup therefore
> cannot be called until kppp completes with a valid link.
> 
> In the case of ethernet connections using dhcp, the firewall and
> /proc features setup cannot be called until dhcp has completed - in
> fact should be called immediately by dhcp itself to minimise the
> unprotected exposure time.
> 

> In the case of ethernet connections with a static IP, the firewall
> and /proc features setup should for the same reason be called
> directly from the appropriate eth<n>-up.   The existing rc.firewall
> would be too late.
> 
> So the provision of rc.firewall in its present form is ill-conceived
> and not in conformance with real-world requirements (like far too
> much about the new Mandrake installer - I could go on ...).
> 
> --
> 
> Regards,
> 
> Ron. [AU] - sent by Linux.

-- 
//Geoff.
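
A sketch of the interface-specific script discussed in this thread, as an added example that is not from either poster: it builds the ipchains rules only after the address is known and refuses to continue on an empty or malformed value. The function names, the rule set and the address 203.0.113.7 are assumptions made for illustration; pppd passes the interface name and local address to /etc/ppp/ip-up as its first and fourth arguments.

```shell
#!/bin/sh
# Added example (not from the thread): build interface-specific ipchains
# rules only once the address is known, e.g. from /etc/ppp/ip-up, which
# pppd runs as: ip-up <ifname> <tty> <speed> <local-ip> <remote-ip>

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print (dry run) the rules for one interface. Fails fast with status 1
# instead of building rules around an empty or malformed value.
firewall_rules() {
    ifname=$1
    local_ip=$2
    case "$ifname" in
        ''|*[!a-z0-9]*) echo "bad interface name" >&2; return 1 ;;
    esac
    if ! valid_ipv4 "$local_ip"; then
        echo "no usable address for $ifname, rules not built" >&2
        return 1
    fi
    # The third and fourth rules are the ones that need the address:
    # drop packets claiming our own source, accept only non-SYN TCP to us.
    cat <<EOF
ipchains -P input DENY
ipchains -A input -i lo -j ACCEPT
ipchains -A input -i $ifname -s $local_ip -l -j DENY
ipchains -A input -i $ifname -p tcp ! -y -d $local_ip -j ACCEPT
ipchains -A input -i $ifname -l -j DENY
EOF
}

# Constructed values; in ip-up these would be "$1" and "$4".
firewall_rules ppp0 203.0.113.7
```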
