> It occurred to me that if the shorewall firewall on my headless router
> doesn't start for whatever reason, I'll be totally exposed. Is there
> a way to protect against that?

Well, you'll get an error during boot that iptables did not come up.

The machine is headless though.

I assume that shorewall is only run when you change the script and
otherwise /etc/init.d/iptables is run as a default service after boot.

Ouch. No. I'm running shorewall in the default runlevel and iptables
explicitly not at all. I thought running shorewall was all I needed
to do. Can you confirm that I should be running iptables in the
default runlevel and shorewall only when I want to update the config?

Anyway, a closed port remains closed whether a firewall is running or not.

I thought the firewall specified which ports to open/close.

- Gramt
--
gentoo-user@gentoo.org mailing list