network/firewall under single user
Andrew Farris
lordmorgul at gmail.com
Fri Apr 11 21:28:05 UTC 2008
Joe Smith wrote:
> Andrew Farris wrote:
>> ...
>> No, it should not start the firewall, service iptables start should
>> start the firewall.
>
> Sure, and it does, but is it a good design to make it easy to start the
> network up without the firewall?
>
> My memory is probably faulty, but I'm pretty sure I remember starting
> the network in an older release and thinking, "Hey it started the
> firewall too--that's a nice touch."
>
> I suppose it doesn't much matter: as long as there's nothing running to
> accept a network connection, nothing should be able to get in over the
> net. Just the same, having the firewall in place would be that much better.
I never recall seeing that happen automatically, perhaps you changed runlevels
and saw both turn on due to config for the runlevel. In either case, I
definitely would disagree if the suggestion was made to make that intended
behavior: network start causes firewall start. I think its much better to leave
them isolated as is, and use runlevel configurations for what turns on.
--
Andrew Farris <lordmorgul at gmail.com> www.lordmorgul.net
gpg 0x8300BF29 fingerprint 071D FFE0 4CBC 13FC 7DEB 5BD5 5F89 8E1B 8300 BF29
More information about the fedora-test-list
mailing list