On Monday 26 February 2007 00:28, Grant wrote:
> > > It occurred to me that if the shorewall firewall on my headless router
> > > doesn't start for whatever reason, I'll be totally exposed. Is there
> > > a way to protect against that?
> >
> > Well, you'll get an error during boot that iptables did not come up.
>
> The machine is headless though.

I guess you could get it to mail you, or text you, but someone else has to
advise as to how you set this up (in particular SMS texting).

> > I assume that shorewall is only run when you change the script and
> > otherwise /etc/init.d/iptables is run as a default service after boot.
>
> Ouch. No. I'm running shorewall in the default runlevel and iptables
> explicitly not at all. I thought running shorewall was all I needed
> to do. Can you confirm that I should be running iptables in the
> default runlevel and shorewall only when I want to update the config?

I don't want to panic you unnecessarily. I do not know anything about
shorewall and whether it takes over and runs iptables for you.

> > Anyway, a closed port remains closed whether a firewall is running, or
> > not.
>
> I thought the firewall specified which ports to open/close.

Yes, as an additional layer, with a fine degree of configuration on top. Run
nmap from another machine in your LAN and compare output with & without
iptables.

--
Regards,
Mick
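Mick's suggestion of having the router mail you when the rules fail to load, written out as an added example that is not from this thread: a POSIX sh check that inspects iptables-save output for a DROP policy on INPUT plus at least one loaded rule, and mails root when that is not the case. The sample rulesets are constructed inline so the check itself can be exercised offline; it assumes iptables-save, hostname and mail(1) exist on the router, and the function names are mine.

```shell
#!/bin/sh
# Added example: boot-time fail-safe for a headless router whose firewall
# (shorewall, iptables init script, or anything else) might not have started.
# Intended to run from the default runlevel after the firewall service.

# ruleset_ok RULESET
# Returns 0 when the filter table looks loaded: INPUT policy is DROP and
# there is at least one -A rule; returns 1 for a bare kernel (ACCEPT, no rules).
ruleset_ok() {
    ruleset="$1"
    policy=$(printf '%s\n' "$ruleset" | sed -n 's/^:INPUT \([A-Z]*\) .*/\1/p')
    # grep -c exits 1 when the count is 0; keep the count, ignore the status
    nrules=$(printf '%s\n' "$ruleset" | grep -c '^-A ' || true)
    [ "$policy" = "DROP" ] && [ "$nrules" -gt 0 ]
}

# Constructed sample (iptables-save format): firewall did come up
LOADED='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT'

# Constructed sample: what a kernel looks like when no script loaded rules
EMPTY='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# check_firewall
# Reads the live ruleset and mails root if it does not pass ruleset_ok.
# Exit status 1 on failure so an init script or cron job can see it too.
check_firewall() {
    live=$(iptables-save 2>/dev/null || true)
    if ruleset_ok "$live"; then
        return 0
    fi
    printf 'Firewall rules not loaded on %s at %s\n' "$(hostname)" "$(date)" \
        | mail -s "FIREWALL DOWN: $(hostname)" root
    return 1
}
```

Run check_firewall once the firewall service has finished; a reboot that leaves the machine with the EMPTY shape above produces a mail instead of silent exposure.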

