Gold Star! That's exactly what I do, and since I policy drop FORWARD and INPUT by default, no unauthorized traffic is getting anywhere!

-----Original Message-----
From: Leonardo Rodrigues Magalhães [mailto:leolistas@xxxxxxxxxxxxxx]
Sent: Wednesday, November 26, 2003 12:27 PM
To: Hildebrand, Brian; Netfilter (E-mail)
Subject: Re: Order in ruleset edition

To prevent problems during a firewall reload/restart, I usually do:

1) do 'echo 0 > /proc/sys/net/ipv4/ip_forward' at the very beginning of the script
2) define the default actions to drop on the very first rules ( -P DROP )
3) insert ALL the rules (can take some seconds)
4) do 'echo 1 > /proc/sys/net/ipv4/ip_forward'
5) firewall is READY

What do you think of this?

Sincerely,
Leonardo Rodrigues
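
The five-step reload order from the quoted message, as an added shell example that is not part of either e-mail. It goes one step further than the message by leaving forwarding off if any rule fails to load. The sample rules, the eth0/eth1 interface names, the DRY_RUN and FAIL_ON variables and the `apply` argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example: fail-closed firewall reload in the order described above.
# run CMD...: log the command, then execute it (or only log when DRY_RUN=1).
# FAIL_ON is a hypothetical hook that simulates a failing command in dry-run.
LOG=""
run() {
    LOG="${LOG}$*
"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        case "$*" in *"${FAIL_ON:-__none__}"*) return 1 ;; esac
        return 0
    fi
    "$@"
}

# Step 3: constructed sample rules; replace with the site's own rule set.
# Flushing old rules first is an assumption; -F does not touch the policies.
load_rules() {
    run iptables -F &&
    run iptables -A INPUT -i lo -j ACCEPT &&
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT &&
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT &&
    run iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
}

reload_firewall() {
    LOG=""
    # Step 1: stop routing (same effect as echo 0 > /proc/sys/net/ipv4/ip_forward).
    run sysctl -w net.ipv4.ip_forward=0 || return 1
    # Step 2: default policies to DROP before any rule is touched.
    for chain in INPUT FORWARD; do
        run iptables -P "$chain" DROP || return 1
    done
    # Step 3: load everything; on any failure, stay closed.
    if ! load_rules; then
        echo "rule load failed; ip_forward left at 0" >&2
        return 1
    fi
    # Step 4: only now re-enable forwarding. Step 5: firewall is ready.
    run sysctl -w net.ipv4.ip_forward=1
}

# Apply for real only when asked: sh reload.sh apply (needs root).
if [ "${1:-}" = "apply" ]; then
    reload_firewall
fi
```

Setting DRY_RUN=1 before calling reload_firewall records the command sequence in LOG without changing the running firewall.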