iptables question
Jos Vos
jos at xos.nl
Wed Feb 25 19:45:30 UTC 2004
On Wed, Feb 25, 2004 at 01:50:07PM -0500, Patrick O'Brien wrote:
> Andrew, I usually do firewall scripts by hand. You can make an executable
> script in /etc/rc.d/rc3.d/S11.rc.firewall and copy it to
> /etc/rc.d/rc5.d/ for the GUI startup
This advice is not good in many respects:
- You suggest enabling the firewall *after* starting the network
  (S10network), which is a security hole.
- You should not make scripts in rc*.d, but put the scripts in init.d
  and let the entries in rc*.d be just symlinks (UNIX convention),
  preferably managed with chkconfig (Red Hat Linux / Fedora convention).
- There already is an iptables startup script, so use it. Make your own
  firewall setup script with your iptables commands, apply it, do
  "/sbin/service iptables save" and use the iptables init script for
  the start/stop actions.
--
-- Jos Vos <jos at xos.nl>
-- X/OS Experts in Open Systems BV | Phone: +31 20 6938364
-- Amsterdam, The Netherlands | Fax: +31 20 6948204
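
Added example, not part of the original message and not Fedora's own tooling: a POSIX shell audit of one runlevel directory for the three points in the reply (entries are symlinks, an iptables start link exists, and it is ordered before the network). The function names `audit_rc` and `make_quoted_layout` are hypothetical, and the sample layout is constructed from the paths in the quoted advice.

```shell
#!/bin/sh
# Added example: audit one runlevel directory against the points in the reply.
# Prints one "FINDING:" line per problem; returns 0 if clean, 1 otherwise.
audit_rc() {
    dir=$1; fw=""; net=""; bad=0
    for entry in "$dir"/S[0-9][0-9]*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        # rc*.d entries should be symlinks into init.d, not real scripts.
        if [ ! -L "$entry" ]; then
            echo "FINDING: $name is a file in rc*.d, not a symlink to init.d"
            bad=1
        fi
        prio=${name#S}; prio=${prio%"${prio#??}"}   # two-digit start order
        case ${name#S??} in
            iptables) fw=$prio ;;
            network)  net=$prio ;;
        esac
    done
    if [ -z "$fw" ]; then
        echo "FINDING: no S??iptables link, the stock init script is not enabled"
        bad=1
    elif [ -n "$net" ] && [ "$fw" -ge "$net" ]; then
        # Equal priorities are flagged too, as a conservative choice.
        echo "FINDING: iptables (S$fw) does not start before network (S$net)"
        bad=1
    fi
    return $bad
}

# Constructed sample: the layout from the quoted advice (hand-made S11 script,
# started after S10network). Paths live under a directory the caller supplies.
make_quoted_layout() {
    root=$1
    mkdir -p "$root/init.d" "$root/rc3.d"
    : > "$root/init.d/network"
    ln -s ../init.d/network "$root/rc3.d/S10network"
    printf '#!/bin/sh\n' > "$root/rc3.d/S11.rc.firewall"
}

# Usage: sh audit.sh /etc/rc.d/rc3.d
if [ $# -gt 0 ]; then audit_rc "$1"; fi
```

Run it once per runlevel in use (rc3.d and rc5.d in the thread); on the constructed layout it reports both the regular file in rc3.d and the missing iptables link.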