On 7/28/10 7:16 PM, lanas wrote: > Ah, this is because at very early in the boot sequence, everything is > set to drop, apart from local traffic (to let communications between > local daemons and apps). Later on, when such a high-level app comes to > life, it will either install a pre-configured firewall (using a > generated set of Shorewall files and shorewall restart) or, if no > configuration is found, will put everything to ACCEPT, hence the clear > command. That clear command can be done using straight iptables, but > it could also be done using a single 'shorewall clear' command which is > an available user option after all.
But at boot time, the firewall is wide open to start with! There is no need for any script! -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
