Re: [Fwbuilder-discussion] Combining fwbuilder with SuSEfirewall2
From: Vadim K. /r/ <va...@vk...> - 2003-10-13 18:40:45
On Monday, October 13, 2003, at 11:35 AM, Gerald Engl wrote:

> Hello at the list, hello Vadim
>
> With my attempts to get DSL (SuSE 8.2, German T-DSL, flatrate, dial-on-demand) I had some problems to get the policy working under "all circumstances".
>
> The problem was that obviously the pppd is sometimes "behaving strange", e.g. if stopping my ppp0-device and restarting it quite quickly, _sometimes_ the rules were not loaded from ip-up.local (seems to be some weird timing prob).
>
> I guess that this behavior got something to do with the "dial-on-demand" (I really couldn't figure out exactly).
>
> O.k. here is my "new attempt":
>
> I "somehow switched" back to use SuSEfirewall2 just for the initial phase, the rules created with fwbuilder are loaded from ip-up.local.
>
> Seems to work fine, but even if I checked all "chains/rules" (iptables -L) I'm not absolutely sure.
>
> Question:
>
> Are all the iptables-rules "really flushed" when loading the generated fwbuilder-script, or am I probably leaving some remaining stuff that is giving me possible security-holes?

No, all chains in all tables are really flushed and all chains are reset to default DROP policy at the very beginning of the script generated by fwbuilder.

--vk
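
One way to verify the answer above on a running host, as an added example that is not part of the original message or of fwbuilder: audit an `iptables-save` dump taken after `ip-up.local` has loaded the generated script. The function names, the `RULE_` chain prefix, the chain `leftover_in` and the sample dump are assumptions made for illustration, as is checking the DROP policy only on the built-in chains of the `filter` table.

```shell
# Added example: audit an `iptables-save` dump for state left behind by a
# previously loaded ruleset. On a live system: iptables-save | audit_dump RULE_
# $1 = chain-name prefix the newly loaded script is expected to use (assumption).
audit_dump() {
    awk -v prefix="$1" '
        /^\*/ { table = substr($0, 2); next }       # "*filter" opens a table
        /^:/ {                                       # ":CHAIN POLICY [pkts:bytes]"
            chain = substr($1, 2)
            if ($2 == "-") {                         # "-" marks a user-defined chain
                if (prefix == "" || index(chain, prefix) != 1) {
                    stale[table, chain] = 1
                    print "LEFTOVER_CHAIN", table, chain
                }
            } else if (table == "filter" && $2 != "DROP") {
                print "OPEN_POLICY", table, chain, $2
            }
        }
        $1 == "-A" {                                 # rule: look for jumps into stale chains
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "-g") && ((table, $(i + 1)) in stale))
                    print "STALE_JUMP", table, $2, $(i + 1)
        }
    '
}

# Constructed sample dump (not captured from a real host): FORWARD was left at
# ACCEPT and a chain from an earlier ruleset is still present and referenced.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
:RULE_0 - [0:0]
:leftover_in - [0:0]
-A INPUT -j RULE_0
-A INPUT -j leftover_in
-A RULE_0 -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
EOF
}
sample_dump | audit_dump RULE_
```

An empty result means no unexpected user-defined chains, no jumps into them, and no non-DROP policy on the `filter` built-in chains.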