Firewalls: Re: FW-1 - less secure ?

Firewalls
(September 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: FW-1 - less secure ?
From:	Jean-Francois Zwobada <zwobada @ apogee-com . fr>
Organization:	APOGEE Communications
Date:	Mon, 30 Sep 1996 11:57:29 +0200
To:	Jean-Christophe Touvet <jct @ EdelWeb . fr>
Cc:	Firewalls @ greatcircle . com
References:	<199609300820 . KAA22452 @ champagne . edelweb . fr>
Reply-to:	zwobada @ apogee-com . fr

Jean-Christophe Touvet wrote:
>  SunOS/FW1 hint: compile your kernel with IP forwarding disabled (-1). Add an
> adb command (W1) at the end of fwstart script to enable IP forwarding only
> when fw module is loaded, and add the reverse adb command (W0) at the
> beginning of fwstop script. You might also wrap your shutdown command.
> 
>     -JCT-

I am probably too paranoid: wait FW-1 to start before setting up the
external interface. Why external guys would be able to send packets
on my firewall before the FW-1 module is loaded&started ?

Jean-Francois

-- 
_____ Jean-Francois Zwobada (mailto:zwobada @
 apogee-com .
 fr) _______

Apogee Communications              Tel    : +33 (1) 69 85 56 47
			           Fax    : +33 (1) 69 85 56 48
"      ### Retrieving "Murphy's Law" record in database ###
  perror: Unknown error code. Refer to the Unlucky User's Guide"
__________________________________________________________________

References:

Re: FW-1 - less secure ?
From: Jean-Christophe Touvet <jct @ EdelWeb . fr>

Indexed By Date	Previous:	Firewall-1 XView: Menu too large From: Greg . Donkin @ roke . co . uk
Indexed By Date	Next:	NT vs. UNIX white paper From: Artur Alves <Artur . Alves @ sni . siemens . pt>
Indexed By Thread	Previous:	Re: FW-1 - less secure ? From: Jean-Christophe Touvet <jct @ EdelWeb . fr>
Indexed By Thread	Next:	Best CFG Sun SparcStation + FW-1 From: Gildasio Rocha Filho <gildasio @ cult . com . br>