On November 19, 2003 06:39 pm, Thomas Smith wrote:
> To have a "pre-if" and "post-if" is a bit redundant (see the Bug for
> details)--why go through the process of configuring iptables twice. The
> system isn't really vulnerable to any threat until network-aware
> services begin to load--which doesn't occur until after the network
> interfaces are loaded. If iptables is configured to load /immediately/
> after the network interfaces then it will be protecting the system when
> those services begin to load--thus closing the "gaping hole" that was
> referred to in the bug.

this brings up a simple question: how do you dictate which script gets run first? if your firewall script has the line "need net" in depend, and so do apache, sendmail and bind, which one do you run first? i'd rather not have to edit the apache, sendmail and bind start scripts to require iptables...

--
those who desire to give up freedom in order to gain security, will not have, nor do they deserve, either one. - benjamin franklin
