From: Roman Drahtmueller (draht suse.de)
Date: Mon Jan 15 2001 - 00:07:02 CST
> At 01:31 PM 9/01/2001 -0600, you wrote:
> >Try /etc/rc.d/boot.local --- this is SuSE's suggested place for such
> >items.
> >
> >--snip--
> >. /etc/rc.config
> >#
> ># Here you should add things, that should happen directly after
> >booting
> ># before we're going to the first run level.
>
> WRONG!
> Do NOT run your firewall from boot.local as it will not initialize properly
> as your interfaces will not be configured correctly.
> You SHOULD as stated by someone else, create your own startup script for
> it (which is very easy to do)
Sorry to interfere here... If a firewall (a packetfilter) needs configured
interfaces to work, it's probably not worth the time configuring it. Using
ipchains, you can safely fill the kernel with firewall rules for
interfaces that it doesn't know yet, and the rules will kick in as soon as
the interface is up and running (literally...). This is how it is supposed
to be. Having firewall rules initialized _after_ the iface is up means a
race condition against the system startup speed. Such a race used to be a
problem in Marc's SuSEfirewall a few months ago.
> Nix - nix susesecurity.com
> SuSE-Security FAQ Maintainer
Nix, how do we get together with linking the FAQ to
http://www.suse.de/security ?
Thanks,
Roman.
-- 
Roman Drahtmüller <drahtsuse.de>  // "Caution: Cape does
SuSE GmbH - Security  Phone:      // not enable user to fly."
Nürnberg, Germany +49-911-740530  // (Batman Costume warning label)
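
Added example, not part of the original message or of SuSE's own scripts: an early-boot ipchains loader that names the external interface before it exists, plus a check that the firewall start link sorts ahead of the network one, which is the ordering that avoids the race described in the reply above. The interface name `ppp0`, the port 22 rule, the function names and the `S??name` link layout are assumptions.

```shell
#!/bin/sh
# Added example. EXT_IF, the SSH rule and the S??<name> rc link names are assumptions.
EXT_IF="${EXT_IF:-ppp0}"          # may not exist yet when this runs
IPCHAINS="${IPCHAINS:-ipchains}"  # IPCHAINS=echo gives a dry run

# Load input-chain rules with no "is the interface up?" test: a rule that
# names an interface with -i starts matching once that interface appears.
load_early_rules() {
    $IPCHAINS -P input DENY || return 1          # default-deny first
    $IPCHAINS -F input || return 1
    $IPCHAINS -A input -i lo -j ACCEPT || return 1
    # ! -y: TCP packets that are not connection-opening SYNs (replies)
    $IPCHAINS -A input -i "$EXT_IF" -p tcp ! -y -j ACCEPT || return 1
    # -y: new inbound connections, allowed to port 22 only
    $IPCHAINS -A input -i "$EXT_IF" -p tcp -d 0/0 22 -y -j ACCEPT || return 1
    $IPCHAINS -A input -i "$EXT_IF" -l -j DENY   # log and drop the rest
}

# Return 0 only if the start link for script $2 sorts before the one for
# script $3 in rc directory $1, i.e. init runs $2 first.
starts_before() {
    first=$(ls "$1" | grep -E "^S[0-9]+($2|$3)\$" | head -n 1)
    case "$first" in
        S[0-9]*"$2") return 0 ;;
        *) return 1 ;;
    esac
}

case "${1:-}" in
    start) load_early_rules ;;
esac
```
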