Re: basic question: eth0 ppp0, which interface?

From: Martin Cooper (usenet_at_martinc.me.uk)
Date: 05/13/03

    Date: Tue, 13 May 2003 22:55:33 +0100
    
    

    Hi,
    "H. S." <g_reate_xcalibur@yahoo.com> wrote in message
    news:nv_va.3261$mK2.299399@news20.bellglobal.com...
    > Markku Kolkka wrote:
    <snip>
    > So, since I want to have my own iptables script, I guess it should be
    > started when ppp0 script gets called? Right?
    Not really, no. You can set up your rules using '-i ppp+' instead of
    any other method (that way you don't need to know your IP address for
    the interface), then the rules will be in place before your modem gets
    a connection to the internet. Usually, on distributions such as
    Red Hat, you will have a file called /etc/init.d/iptables that contains
    your rules, so when the box shuts down it will run the command :-

    iptables-save > /etc/init.d/iptables

    and on startup, it will run the command :-

    iptables-restore < /etc/init.d/iptables

    This will normally be run before starting any of your network
    interfaces, so that you have protection as soon as the interfaces are
    brought up. If set up this way, whatever you insert at runtime will be
    saved, and the state of the firewall restored automatically on the
    next boot. However, distributions come with various other firewall
    scripts which may run at boot time as well, so this may not hold
    true if you have installed another firewall script.

    >
    > How do I do that? Usually, people place their iptables scripts in rc.d
    > directory (or was it network.d or something like this), from where it
    > gets called automatically during bootup.

    To do that, run it from /etc/ppp/ip-up (at least that's what it is
    called on my Gentoo systems), but see above. Running the script here
    could leave you open to an attack for a second or so before your
    script completes.

        Martin
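
The approach described in the reply above, as an added example that is not part of the original post: a ruleset in iptables-restore format that names the PPP link only by the `ppp+` wildcard, so it can be loaded at boot before pppd has an address, plus a small function showing which interface names such a pattern covers. The rule set itself and the function names `emit_ruleset` and `iface_matches` are constructed for illustration; a LAN interface would need its own ACCEPT rule.

```shell
#!/bin/sh
# Added example, not from the original post. Constructed ruleset:
# loopback is open, PPP links accept reply traffic only, the rest is dropped.

# Print the ruleset in iptables-restore format. It contains no IP address,
# so it is valid before any ppp interface exists.
emit_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i ppp+ -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i ppp+ -j DROP
COMMIT
EOF
}

# Mirror of how iptables compares an -i pattern with an interface name:
# a trailing '+' matches every name that begins with the text before it,
# otherwise the names must be identical.
iface_matches() {   # $1 = pattern from the rule, $2 = interface name
    case "$1" in
        *+) case "$2" in "${1%+}"*) return 0 ;; esac
            return 1 ;;
        *)  [ "$1" = "$2" ] ;;
    esac
}

# Usage (as root):
#   sh ppp-firewall.sh check   parse the rules without committing them
#   sh ppp-firewall.sh apply   load the rules; run this before the link starts
case "${1:-}" in
    check) emit_ruleset | iptables-restore --test ;;
    apply) emit_ruleset | iptables-restore ;;
esac
```

Because the INPUT policy is already DROP when ip-up runs, there is no window between the link coming up and the rules taking effect.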

