Firewall Wizards mailing list archives
Re: Use of single port aggregations to enhance security
From: david () lang hm
Date: Mon, 11 Jan 2010 21:14:47 -0800 (PST)
On Sat, 9 Jan 2010, ArkanoiD wrote:
I thought *every* operating system follows the rule "apply packet filtering first, bring interfaces up later" nowadays?
They all can, but not all do by default. Worst case, doing this takes inserting your rules in a custom init script that fires prior to the network startup.
David Lang
On Wed, Jan 06, 2010 at 06:12:46AM +1100, Darren Reed wrote:
So what difference can this make? If you're using an operating system based firewall (Linux, BSD, Solaris), then depending on the order of the operating system enabling firewalls capabilities vs networking, there may be windows where packets are able to reach code paths that they weren't intended for because nic drivers start servicing packets quite early.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
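An added example, not part of the original message or written by anyone in the thread: a shell check for the ordering discussed above, namely that the packet-filter init script starts before the script that brings the network up. It assumes a SysV-style rc directory of `S<NN><name>` start links; the script names and the directory contents in `demo` are constructed.

```shell
#!/bin/sh
# Added example: audit the start order in a SysV-style rc directory.
# init runs the S<NN><name> links in glob order, so the packet-filter
# script must sort ahead of the script that brings interfaces up.

# start_position DIR NAME: print NAME's position in the start order.
start_position() {
    pos=0
    for link in "$1"/S[0-9][0-9]*; do
        [ -e "$link" ] || [ -L "$link" ] || continue
        pos=$((pos + 1))
        case ${link##*/} in
            S[0-9][0-9]"$2") echo "$pos"; return 0 ;;
        esac
    done
    return 1
}

# filter_before_network DIR FIREWALL NETWORK
# Returns 0 if FIREWALL starts first, 1 if NETWORK starts first,
# 2 if FIREWALL has no start link in DIR at all.
filter_before_network() {
    fw=$(start_position "$1" "$2") || { echo "FAIL: no start link for $2 in $1"; return 2; }
    net=$(start_position "$1" "$3") || { echo "OK: $3 is not started from $1"; return 0; }
    if [ "$fw" -lt "$net" ]; then
        echo "OK: $2 (position $fw) starts before $3 (position $net)"
        return 0
    fi
    echo "FAIL: $3 (position $net) starts before $2 (position $fw)"
    return 1
}

# Demo on a constructed rc directory (script names are assumptions).
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/S08iptables" "$d/S10network" "$d/S55sshd" "$d/S99local-fw"
    filter_before_network "$d" iptables network || true
    filter_before_network "$d" local-fw network || true
    rm -rf "$d"
}
demo
```

Positions are compared rather than the two-digit numbers so that two scripts sharing the same `NN` are still ordered the way the glob orders them.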