On Sun, 2008-03-30 at 16:30 +0100, Andrew Suffield wrote: > > Well, I was thinking more about filtering rules. But the point in the > boot process when shorewall starts should be before anything else that > uses the network, aside from the fundamental things like dhcp and > ping.
Indeed, include PPP ip-up in that list. The thing is that a DHCP "lease acquired" script or a PPP ip-up script might want to go out to the Internet and update a DDNS service with the new address. As one example. Certainly, this could be done in a two stage process. Instead of doing the DDNS updates it could simply stash the data for a process later on in boot to do the updates. > People who start it later do so at their own risk. Or start trying to work with the network before Shorewall has done it's thing, but yes, agreed. b.
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
