2nd try: Was Firewall problem: Only works on a restart.
Gordon Messmer
yinyang at eburg.com
Wed Feb 25 21:14:08 UTC 2009
Tim wrote:
>
> And wouldn't that mean that for at least some time, you have a network
> without any firewall protecting you?

Yes, but on a host firewall or NAT firewall, there's very little risk in
that. In between the network init and firewall init, there's nothing
exposed (unless you're using NetworkManager... */me rolls eyes*). If
you're using a system that acts as a router for a network that's not
RFC1918 numbered (or using NM), I'd recommend setting up the "iptables"
firewall to deny everything, and allow that to start before the network.
Then configure your preferred firewall service (such as Shorewall) to
start after your network interfaces.
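
An added example, not part of the original message: a shell check that the boot order matches the arrangement described above, with iptables starting before the network and Shorewall after it. It assumes a SysV-style rc directory with S<NN><name> start links and the service names "iptables", "network" and "shorewall"; the sample directory is constructed, and the script does not inspect the iptables rules themselves.

```shell
#!/bin/sh
# Added example: check SysV start order for the setup described above.
# Assumptions: rc directory with S<NN><name> links; service names
# "iptables", "network" and "shorewall".

# Print the two-digit start priority of service $2 in rc directory $1.
start_prio() {
    for _link in "$1"/S[0-9][0-9]"$2"; do
        [ -e "$_link" ] || [ -L "$_link" ] || continue
        _name=${_link##*/}      # e.g. S08iptables
        _prio=${_name#S}        # 08iptables
        echo "${_prio%"$2"}"    # 08
        return 0
    done
    return 1                    # no start link: service not enabled
}

# Succeed only if iptables < network < shorewall. Equal priorities are
# rejected to keep the check conservative.
check_boot_order() {
    fw=$(start_prio "$1" iptables)  || { echo "iptables not enabled"; return 1; }
    net=$(start_prio "$1" network)  || { echo "network not enabled"; return 1; }
    sw=$(start_prio "$1" shorewall) || { echo "shorewall not enabled"; return 1; }
    if [ "$fw" -ge "$net" ]; then
        echo "gap: network (S$net) is up before iptables (S$fw)"
        return 1
    fi
    if [ "$sw" -le "$net" ]; then
        echo "shorewall (S$sw) starts before network (S$net)"
        return 1
    fi
    echo "ok: iptables S$fw < network S$net < shorewall S$sw"
}

# Constructed sample standing in for /etc/rc3.d.
demo=$(mktemp -d)
touch "$demo/S08iptables" "$demo/S10network" "$demo/S25shorewall"
check_boot_order "$demo"
rm -rf "$demo"
```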