Sorry, I forgot to mention the startup script bit. My script was just for setting up the firewall, not for controlling its startup/shutdown. Depending on your distro, startup/shutdown can be of varying difficulty. Red Hat's iptables script allows you to run it with a parameter of "save" (so, that would be something like /etc/init.d/iptables save) to save the current rule set; this will be restored on reboot. Gentoo saves the rule set on shutdown and restores on startup automatically. I'm not sure about how Debian works, but it looks like it uses various named files to save and doesn't have a default restored on startup. Whether you use the save/restore functions or just use a script to set your rules at startup is a personal preference.

I would just like to point out a few things about the init script, though. (Do note that most of these are personal preferences that stem from an acute paranoia.) I don't like leaving ident open; I don't really think it's any of your business who is signed onto my computer. Also, I prefer to block all but the most needed ICMP (ping) stuff. Not responding to pings makes it much harder to portscan your box, which is generally safer. For that last rule (iptables -A INPUT -j REJECT) I prefer the DROP target, as REJECT informs the sender that its packet was dropped, whereas DROP simply ignores it, in short making your computer something of a blackhole.

Again, the above things are not critical, just paranoid. Actually, the more I think about it, the more I like the idea of an init script, especially with things like the status call. Anyways, both options are good. Take what you need, and be safe.

Peter Snoblin
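An added example, not part of the original message: a shell function that audits an `iptables-save` dump for the three points raised above (ident on tcp/113, which ICMP types are accepted, and whether the INPUT chain ends in REJECT or DROP). The function name, the output tokens and both rule sets are constructed for illustration; ICMP types 3 and 11 in the second sample are destination-unreachable and time-exceeded.

```shell
# Added example: audit an iptables-save dump (stdin); only single --dport matches are checked.
audit_input_chain() {
    awk '
    /^\*/ { table = substr($0, 2); next }          # "*filter", "*nat", ...
    table != "filter" { next }
    $1 == ":INPUT" { policy = $2; next }           # chain default policy
    $1 != "-A" || $2 != "INPUT" || final != "" { next }  # skip unreachable rules
    {
        proto = dport = itype = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "--icmp-type") itype = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        # A rule with no match options decides every packet that reaches it.
        if ($3 == "-j" && target ~ /^(ACCEPT|DROP|REJECT)$/) { final = target; next }
        if (target != "ACCEPT") next
        if (proto == "tcp" && dport == "113") print "IDENT_OPEN"
        if (proto == "icmp" && itype == "") print "ICMP_ALL_ACCEPTED"
        if (proto == "icmp" && itype != "") print "ICMP_TYPE_ACCEPTED " itype
    }
    END { print "FINAL_" (final != "" ? final : policy) }'
}

# Constructed sample: ident open, all ICMP accepted, trailing REJECT.
sample_permissive() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Constructed sample: two ICMP types kept, trailing DROP, ident rule after it.
sample_strict() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
COMMIT
EOF
}
```

On a live host the same check is `iptables-save | audit_input_chain`, run as root. The ident rule in the second sample is not reported because it sits after the unconditional DROP and is never reached.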
