2nd try: Was Firewall problem: Only works on a restart.

Gordon Messmer yinyang at eburg.com
Wed Feb 25 21:17:12 UTC 2009


Ed Greshko wrote:
> I've not looked into the OP's problem...  But I do wonder about what
> you've said that prompts me to ask...

I was actually wrong about the problem.  His firewall set ip_forward to 
1, but sysctl.conf set it to 0.  During boot, the firewall service 
started first and enabled IP forwarding.  The network service started 
later and reloaded sysctl.conf, turning IP forwarding off.  When he 
restarted the firewall service, it would turn IP forwarding back on. 
The solution was to fix ip_forward in sysctl.conf.

> If the system brings up the network interfaces, but no services that
> utilize the network, prior to bringing up the firewall what
> vulnerability is the system exposed to...and for how long?

If you use the "network" service, and start your firewall immediately 
after, you shouldn't have anything to worry about.
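
The conflict described in this message, as an added example that is not part of the original post: a POSIX shell check that compares the persistent value in a sysctl.conf-style file with the running kernel value. The function names and the constructed sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare the persistent ip_forward setting with the running one.
# Function names and the sample files are illustrative assumptions.

# Print the effective net.ipv4.ip_forward value in a sysctl.conf-style file.
# The last uncommented assignment wins; prints "unset" when there is none.
conf_ip_forward() {
    awk -F= '
        /^[ \t]*[#;]/ { next }              # skip comment lines
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t\r]/, "", val)
            gsub("/", ".", key)             # sysctl accepts "/" or "." separators
            if (key == "net.ipv4.ip_forward") found = val
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# $1 = sysctl.conf path, $2 = file holding the runtime value.
# Returns 0 if both agree, 1 if they differ, 2 if the conf file does not set it.
check_ip_forward() {
    cf_conf=${1:-/etc/sysctl.conf}
    cf_run=${2:-/proc/sys/net/ipv4/ip_forward}
    cf_persistent=$(conf_ip_forward "$cf_conf")
    cf_running=$(tr -d ' \t\n' < "$cf_run")
    if [ "$cf_persistent" = "unset" ]; then
        echo "NOTE: $cf_conf does not set net.ipv4.ip_forward (runtime: $cf_running)"
        return 2
    fi
    if [ "$cf_persistent" = "$cf_running" ]; then
        echo "OK: ip_forward=$cf_running at runtime and in $cf_conf"
        return 0
    fi
    echo "MISMATCH: runtime ip_forward=$cf_running but $cf_conf sets $cf_persistent;" \
         "reloading $cf_conf will replace the runtime value"
    return 1
}

# Constructed sample matching the post: runtime value 1, sysctl.conf says 0.
demo() {
    d=$(mktemp -d)
    printf '# constructed sample\nnet.ipv4.ip_forward = 0\n' > "$d/sysctl.conf"
    echo 1 > "$d/ip_forward"
    check_ip_forward "$d/sysctl.conf" "$d/ip_forward" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || true
```

Called with no arguments on a live system, `check_ip_forward` compares /etc/sysctl.conf with /proc/sys/net/ipv4/ip_forward.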



