Date: Sun, 12 Nov 2006 17:25:54 +0300
From: "(GalaxyMaster)" <galaxy@....openwall.com>
To: owl-users@...ts.openwall.com
Subject: Re: VLAN + Owl

Maxim,

On Sun, Nov 12, 2006 at 12:44:01PM +0300, Maxim Timofeyev wrote:

> In rc.local? Our /etc/rc.d/init.d/networks doesn't support VLAN. ;(
> rc.local starts up after iptables and others...

Do you have any problems with that?  I doubt it.  Moreover, I think that
setting firewalling stuff _before_ network interfaces are brought up is
a good idea.  For example:

-bash-3.1# iptables -A INPUT -i eth123 -j ACCEPT
-bash-3.1# iptables -L INPUT -xv
Chain INPUT (policy ACCEPT 541 packets, 43553 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 ACCEPT     0    --  eth123 any     anywhere             anywhere
-bash-3.1# ip add ls
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:02:44:04:98:e1 brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.77/24 brd 172.16.0.255 scope global eth0
-bash-3.1#

As you can see I have no eth123 device yet, but I could set the
appropriate iptables rule.

-- 
(GM)
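
Added example, not part of the original message: because iptables accepts a rule for an interface that does not exist yet, as the session above shows with eth123, a boot-time check can list which interfaces named in the loaded rules are still absent. The function names and the sample rules and interface list are constructed for illustration.

```shell
#!/bin/sh
# Report interfaces that firewall rules refer to but that are not present yet.
# Input is iptables-save style text; the sample data below is constructed.

# Print every interface named by -i / -o in the rules read from stdin.
rule_ifaces() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "-i" || $i == "-o") {
                n = $(i + 1)
                if (n == "!") n = $(i + 2)      # older "-i ! eth0" negation form
                # skip wildcard patterns such as "eth+"
                if (n != "" && n !~ /\+$/) print n
            }
    }' | sort -u
}

# pending_ifaces RULES PRESENT
#   RULES   - rule text (iptables-save format)
#   PRESENT - space-separated list of interfaces that currently exist
# Prints one interface per line for each name in RULES missing from PRESENT.
pending_ifaces() {
    printf '%s\n' "$1" | rule_ifaces | while read -r ifc; do
        case " $2 " in
            *" $ifc "*) ;;                      # interface exists, nothing to report
            *) printf '%s\n' "$ifc" ;;
        esac
    done
}

# Constructed sample mirroring the session above: a rule for eth123
# while only lo and eth0 exist.
SAMPLE_RULES='*filter
:INPUT ACCEPT [541:43553]
-A INPUT -i eth123 -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT'
SAMPLE_PRESENT='lo eth0'

pending_ifaces "$SAMPLE_RULES" "$SAMPLE_PRESENT"
```

On a live system the two arguments could come from `iptables-save` and from the names under /sys/class/net joined with spaces.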
