> My solution was to load my firewall filter within S10network, not
> rc.local.  The disadvantage to this is I had to hack system scripts,
> which is best avoided whenever possible.
> 
> I modified S10network (actually /etc/rc.d/init.d/network) to load ipchains
> after bringing up the loopback interface, but before enabling any of the
> external interfaces.  That ensures my filter is in place and running
> before packets even start coming into the machine.

Perhaps another way to handle this would be to insert two init scripts, or
the same one twice if it has the know-how to detect if it's already been
run.

The first one sets up fascist rules that disallow everyone, and should be
run even before the S19network script is run.  Then the later one can
re-open the needed ports/services.  Thus your networking can be brought up
"behind a shield" as it were.
_____________________   _                    _   _________________________
         Michael Rice  |_|    Collective    |_|  http://www.colltech.com
   [EMAIL PROTECTED]    |_  Technologies  _|    8007598888/8019292 pager 
           Consultant      []            []      "The Power Of Many Minds"   
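
The two-pass start-up suggested in the reply above, sketched as a single script that works out which pass it is on; this is an added example, not code from either poster. The marker path, the `IPCHAINS` override and the sample services opened in pass 2 are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; not from the thread. Link it twice in the runlevel
# directory, once before the network script and once after it.
IPCHAINS=${IPCHAINS:-ipchains}            # overridable so the logic can be dry-run
STATE=${STATE:-/var/run/fw-shield.stage}  # hypothetical marker path

# Pass 1: default-deny on all built-in chains, loopback traffic only.
shield() {
    for chain in input output forward; do
        $IPCHAINS -P "$chain" DENY || return 1
    done
    $IPCHAINS -F || return 1
    $IPCHAINS -A input  -i lo -j ACCEPT || return 1
    $IPCHAINS -A output -i lo -j ACCEPT || return 1
    echo shielded > "$STATE"
}

# Pass 2: re-open only what is needed. Constructed sample policy:
# any outbound traffic, TCP replies, and inbound SSH.
open_services() {
    $IPCHAINS -P output ACCEPT || return 1
    $IPCHAINS -A input -p tcp ! -y -j ACCEPT || return 1
    $IPCHAINS -A input -p tcp -d 0/0 22 -j ACCEPT || return 1
    echo open > "$STATE"
}

# Choose the pass from the live input policy, so a stale marker left over
# from the previous boot can never cause the shield to be skipped.
fw_start() {
    stage=""
    if [ -r "$STATE" ]; then stage=$(cat "$STATE"); fi
    if ! $IPCHAINS -L input -n 2>/dev/null | grep -q 'policy DENY'; then
        shield
    elif [ "$stage" != open ]; then
        open_services
    fi
}

case "${1:-}" in
    start) fw_start ;;
esac
```

Because the decision keys on the kernel's current input policy rather than on the marker file alone, the script fails closed: any invocation that finds the policy not set to DENY applies the shield first.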
