> Hi Rick, Thank you!
> This is a nice clean solution. It integrates so well with the existing
> system that it's almost like someone designed it that way.... :-)
>
> Does anybody know if there is a "gap" in coverage between the time the
> network is started up and the time the iptables rules become active?
>
> Or put more directly - is there any chance that a network based attack
> can have time to succeed between the time the networking starts up
> and the time the iptables filtering goes into effect?

Actually on my RH 8.0 boxes, iptables starts BEFORE the network is brought up - so you're good to go. In /etc/rc.d/rc3.d you have the following:

S08iptables
S10network

That brings up iptables first :-)

-Rick

--
Rick Johnson, RHCE - [EMAIL PROTECTED]
Linux/WAN Administrator - Medata, Inc. (from home)
PGP Key: https://mail.medata.com/pgp/rjohnson.asc
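
The ordering check described in the reply above, as an added example that is not part of the original thread: it compares the start priority of the iptables and network links in each rc directory and flags any runlevel where the network would come up before the filter. The function names are hypothetical, and checking runlevels 2 through 5 under /etc/rc.d is an assumption generalized from the rc3.d listing quoted in the post.

```shell
#!/bin/sh
# Added example (not from the thread): audit SysV start-link ordering.

# Print the two-digit start priority of service $2 in rc directory $1.
# Returns 1 if the service has no S??<name> link there.
start_prio() {
    dir=$1 svc=$2
    for link in "$dir"/S[0-9][0-9]"$svc"; do
        # An unmatched glob stays literal; skip it. -L keeps dangling links.
        [ -e "$link" ] || [ -L "$link" ] || continue
        name=${link##*/}
        prio=${name#S}
        prio=${prio%"$svc"}
        echo "$prio"
        return 0
    done
    return 1
}

# 0: iptables starts no later than network in this runlevel
# 1: network starts first, or network is enabled with no iptables link
# 2: network is not started in this runlevel
check_order() {
    net=$(start_prio "$1" network) || return 2
    fw=$(start_prio "$1" iptables) || return 1
    # Equal priorities still run iptables first: rc walks the S* links
    # in sorted order and "iptables" sorts before "network".
    # Strip one leading zero so 08 is always compared as decimal 8.
    [ "${fw#0}" -le "${net#0}" ]
}

# Check runlevels 2-5 under an rc root (default /etc/rc.d, as in the post).
# Returns 1 if any runlevel brings the network up unfiltered.
audit_runlevels() {
    root=${1:-/etc/rc.d}
    bad=0
    for lvl in 2 3 4 5; do
        rc=0
        check_order "$root/rc$lvl.d" || rc=$?
        case $rc in
            0) echo "rc$lvl.d: iptables starts before network" ;;
            1) echo "rc$lvl.d: network comes up before filtering"; bad=1 ;;
            2) echo "rc$lvl.d: network not started in this runlevel" ;;
        esac
    done
    return $bad
}
```

Source the file and call `audit_runlevels` with no argument to check the host's own /etc/rc.d, or pass another rc root such as a mounted image.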