First of all, thanks for your little essay, ;-)

On Fri, Jul 25, 2003 at 07:49:13PM +0200, Andreas von Heydwolff wrote:
> partitions. I run tiger and chkrootkit occasionally, i.e. once or twice
> a week, sometimes not. The firewall box is a small hardened Woody with
> security updates, the desktop a current SID installation.

Hmmm... I have been running woody for a few months now, but I have _never_ run
tiger or chkrootkit. I will do so immediately...

Tiger returns clean. Chkrootkit returns clean. ;-))

> open one of the higher ports for a few hours. Fiddling with
> firestarter/iptables until port forwarding worked was when I shut off
> the firewall for minutes and once unfortunately a lot longer: I forgot

I use shorewall, as others have already recommended. I looked into a few
other programs, fwbuilder, ferm, plain iptables... I liked shorewall best.
It guards you from making (stupid) mistakes when scripting your own
firewall, while allowing you to use your favourite text editor to add or
comment out a single rule. No hassles, just protection.

> What I wonder is whether it is potentially dangerous for me to have
> iptables starting quite slowly on my 133MHz firewall machine, it takes
> maybe 10 seconds to get all the modules loaded while ntp already picks
> up the time and a net connection has seemingly already been established.
> I power down my system almost daily to reduce risks and keep my power
> bill lower, so there is a certain window almost daily at startup. My IP
> address is a de facto fixed one from the cable provider.

I have wondered about this too... Hmmm... Shorewall's default is to start
it _way_ after network services... Does anyone know the Debian way to deal
with this? Otherwise I'll probably add an iptables -P DROP in my
/etc/network/interfaces. Is this correct?

> PS will look at Shorewall too

Yes, please do, :-)

David

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
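As an added example, not part of David's mail or of shorewall itself: a hook script that sets default DROP policies before an interface comes up, so the startup window discussed above (network up, ntp talking, full ruleset not yet loaded) is closed. It assumes the script is installed as /usr/local/sbin/early-drop.sh and referenced from the interface stanza in /etc/network/interfaces with a `pre-up /usr/local/sbin/early-drop.sh apply` line; the script path, the `apply` argument and the IPT_DRY_RUN variable are assumptions of this example.

```shell
#!/bin/sh
# Early default-DROP policy for the boot-time gap before the real ruleset loads.
# Intended use (assumed layout, not a shorewall feature):
#   in /etc/network/interfaces, under the external interface:
#     pre-up /usr/local/sbin/early-drop.sh apply
# Set IPT_DRY_RUN=1 to print the iptables commands instead of running them.

IPTABLES=${IPTABLES:-/sbin/iptables}

# Run (or, in dry-run mode, print) one iptables command.
ipt() {
    if [ "${IPT_DRY_RUN:-0}" = "1" ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

# Policies first: anything not explicitly allowed is dropped, in and forwarded,
# until the full ruleset (e.g. shorewall) flushes these and installs its own.
early_drop() {
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    # Loopback must keep working for local daemons during the startup window.
    ipt -A INPUT -i lo -j ACCEPT
    # Replies to connections the box itself opens (ntp, apt) may come back in;
    # -m state loads the conntrack module, which is part of the slow module load.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Only touch the live tables when explicitly asked to.
if [ "$1" = "apply" ]; then
    early_drop
fi
```

The full ruleset still has to replace these rules once it starts; this hook only covers the gap before it, and a quick `iptables -L -n` right after boot confirms which set is in place.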