when to start IPTables in RH9
From: Erik (et57)
Date: 07/25/04
- Next message: Erik: "Re: ADSL modem/router firewall"
- Previous message: Henry Stilmack: "Re: Internet Access"
- Next in thread: Allen Kistler: "Re: when to start IPTables in RH9"
- Reply: Allen Kistler: "Re: when to start IPTables in RH9"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 25 Jul 2004 14:52:00 +0200
I have an RH9 Linux system running as Router/FW.
IPTables 1.2.9 on it and running happily.
Would the following be a sound idea, as to maintainablility of the
IPTables rules and the effectiveness and security of the FW:
Immediately after the running of a script in /etc/rc3.d a partial
IPTables script must run, to open up the FW for any necessary
ports/protocols/etc. related to that /etc/rc3.d script.
example and problem:
just after running the /etc/rc.d/init.d/named script, the FW must be
opened for protocol UDP/port 53.
If it is not opened, the subsequent ntpd script would not work, for it
opens the FW for a few timeservers, not given by IP number, but by
FQN. And it would log a few packet refusals, if not opened
immediately.
same goes for other servers, that need specific ports open. (Or, more
general, need specific IPTables rules effective): samba, apache,
sendmail...
For this, I would make a parallel directory for the partial IPTables
scripts (eg. /etc/rc.d/iptables/S08named), which would be controlled
by a mechanism incorporated in the /etc/rc.d mechanism (S08named
things)
Question is, how would I incorporate this parallel mechanism in the
startup scripts and where ?
fr gr
Erik
- Next message: Erik: "Re: ADSL modem/router firewall"
- Previous message: Henry Stilmack: "Re: Internet Access"
- Next in thread: Allen Kistler: "Re: when to start IPTables in RH9"
- Reply: Allen Kistler: "Re: when to start IPTables in RH9"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
