On Wed, Jul 10, 2002 at 10:39:24AM +0200, Dorian Haasler wrote:
: Why use rc.firewall scripts with RedHat? Write your script and at
: the end of it use "iptables-save" to store the information!
: At the next reboot the iptables settings will be the same and you
: don't need to run your script every time. Changes can be done in
: /etc/sysconfig/iptables
: where the rules were stored!
One reason in particular to NOT run an rc.firewall out of rc.local on RedHat
(or any other system for that matter) is that by that time you've already
brought up your network interfaces. There's a window that's short, but is
still nonetheless exploitable to do damage.
RH loads the iptables policies FIRST, then brings up the i/f's.
So basically, run your script, then run "service iptables save", and make
sure that iptables starts at boot. You'll most likely also want to have
a look at /etc/sysctl.conf to tweak the ip forwarding setting.
--
Jason Costomiris <>< | Technologist, geek, human.
jcostom {at} jasons {dot} org | http://www.jasons.org/
Quidquid latine dictum sit, altum viditur.
My account, My opinions.
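The procedure in the reply above (apply the rules, "service iptables save", make sure iptables starts at boot, look at the ip forwarding setting), as an added shell example that is not code from the thread. The admin network, the rcN.d directory and the SNN link-name check are assumptions; it assumes a RedHat-style init with chkconfig and /etc/sysconfig/iptables.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread.
# Assumes RedHat-style init: chkconfig, /etc/sysconfig/iptables, rcN.d links.

# Emit a default-deny ruleset in iptables-save format. Allows loopback,
# return traffic and SSH from a constructed admin network (placeholder).
render_ruleset() {
    admin_net="${1:-192.0.2.0/24}"   # constructed placeholder, not a real site
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s ${admin_net} --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -j LOG --log-prefix "iptables-drop: "
COMMIT
EOF
}

# True when the S-link for iptables sorts before the one for network in a
# runlevel directory, i.e. rules load before the interfaces come up (the
# window the reply warns about). Link names like S08iptables are assumed.
boot_order_ok() {
    rcdir="$1"
    fw=$(ls "$rcdir" 2>/dev/null | grep '^S[0-9][0-9]iptables$' | head -n 1)
    net=$(ls "$rcdir" 2>/dev/null | grep '^S[0-9][0-9]network$' | head -n 1)
    [ -n "$fw" ] && [ -n "$net" ] || return 1
    fwn=${fw#S};  fwn=${fwn%iptables}
    netn=${net#S}; netn=${netn%network}
    [ "$fwn" -lt "$netn" ]
}

# Apply, persist and enable at boot (needs root), then show the forwarding
# setting so it can be tweaked in /etc/sysctl.conf if this host routes.
install_rules() {
    render_ruleset "$1" | iptables-restore &&
    service iptables save &&
    chkconfig iptables on &&
    { grep '^net.ipv4.ip_forward' /etc/sysctl.conf ||
      echo "note: net.ipv4.ip_forward not set in /etc/sysctl.conf"; }
}

if [ "${1:-}" = "--install" ]; then
    install_rules "$2"
    boot_order_ok /etc/rc.d/rc3.d || echo "warning: network starts before iptables" >&2
fi
```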