From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.62) (envelope-from ) id 1HLSHD-0003eM-Hq for garchives@archives.gentoo.org; Sun, 25 Feb 2007 22:55:32 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.14.0/8.14.0) with SMTP id l1PMsFbm019028; Sun, 25 Feb 2007 22:54:15 GMT Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.184]) by robin.gentoo.org (8.14.0/8.14.0) with ESMTP id l1PMm0PW011671 for ; Sun, 25 Feb 2007 22:48:00 GMT Received: by nf-out-0910.google.com with SMTP id c31so2772621nfb for ; Sun, 25 Feb 2007 14:48:00 -0800 (PST) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:from:reply-to:to:subject:date:user-agent:references:in-reply-to:mime-version:content-type:content-transfer-encoding:message-id; b=khk4unqmmW4rbfe7WGWCsnUMZCeQSunoaO4EMA+hhoXqlRRPqBv9uGqATNrUPRK+nI9NGDkXMDmac/cf92yQXDlbMDI0rBxd00airp0wO2f8eXhSPbplxDtHZ1HlwjmWz7DTRTBTphJK2dXYtYXoO6GT549xXYHLwyAgBpAWebk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:from:reply-to:to:subject:date:user-agent:references:in-reply-to:mime-version:content-type:content-transfer-encoding:message-id; b=ezfqQo7h+HyeOydpyFhGU63BjUyyHUU0vel+NE/6g6kTNKP7T4Z6kgZpqTGGnp40lqaBeRstmCN+cEatr5kqCsBerjpASb9c9+5++3K9ffCjJfaoURY0hvi60RG/Ykgms+zF5BRNK1FUY1o4GovKOtw3X5ATkd3oBw3Y82WZfJs= Received: by 10.48.217.20 with SMTP id p20mr11363046nfg.1172443680400; Sun, 25 Feb 2007 14:48:00 -0800 (PST) Received: from lappy.study ( [213.162.120.196]) by mx.google.com with ESMTP id c22sm11123480ika.2007.02.25.14.47.59; Sun, 25 Feb 2007 14:48:00 -0800 (PST) From: Mick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] What if the firewall doesn't start? Date: Sun, 25 Feb 2007 22:47:41 +0000 User-Agent: KMail/1.9.5 References: <49bf44f10702251158n2ab9c587y9563d6ad4fa3a4b3@mail.gmail.com> In-Reply-To: <49bf44f10702251158n2ab9c587y9563d6ad4fa3a4b3@mail.gmail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart5783178.7Qj7aFtEic"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200702252247.43130.michaelkintzios@gmail.com> X-Archives-Salt: 64be91f3-0bb9-43ef-ac53-7232a58c8483 X-Archives-Hash: 69e04b223d4be5cb4059bf95b15b0898 --nextPart5783178.7Qj7aFtEic Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Sunday 25 February 2007 19:58, Grant wrote: > It occurred to me that if the shorewall firewall on my headless router > doesn't start for whatever reason, I'll be totally exposed. Is there > a way to protect against that? Well, you'll get an error during boot that iptables did not come up. I ass= ume=20 that shorewall is only run when you change the script and=20 otherwise /etc/init.d/iptables is run as a default service after boot. =20 Anyway, a closed port remains closed whether a firewall is running, or not.= =20 An open port is hopefully protected by decently strong passwds/authenticati= on=20 mechanisms. =2D-=20 Regards, Mick --nextPart5783178.7Qj7aFtEic Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQBF4hIP5Fp0QerLYPcRAqv9AJoDiDHYMDpi+hB41ge55/zYfALFuACfWf7N K4vLrzAmtaiRbWHQ59YaZjM= =vzYb -----END PGP SIGNATURE----- --nextPart5783178.7Qj7aFtEic-- -- gentoo-user@gentoo.org mailing list