Firewall Wizards mailing list archives

Re: Use of single port aggregations to enhance security


From: david () lang hm
Date: Mon, 11 Jan 2010 21:14:47 -0800 (PST)

On Sat, 9 Jan 2010, ArkanoiD wrote:

I thought *every* operating system follows the rule "apply
packet filtering first, bring interfaces up later" nowadays?

They all can, but not all do by default. Worst case, doing this takes inserting your rules in a custom init script that fires prior to the network startup.

David Lang

On Wed, Jan 06, 2010 at 06:12:46AM +1100, Darren Reed wrote:
So what difference can this make?

If you're using an operating system based firewall (Linux,
BSD, Solaris), then depending on the order of the operating
system enabling firewall capabilities vs networking, there
may be windows where packets are able to reach code paths
that they weren't intended for because NIC drivers start
servicing packets quite early.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
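
One way to check the ordering discussed in this message, on a SysV-style init where start links are named S<NN><name> and run in sorted order. This is an added example, not part of the original thread; the directory layout and the script names `firewall` and `networking` are assumptions.

```shell
#!/bin/sh
# Added example: verify that the packet-filter init script starts before
# the script that brings interfaces up. Script names are hypothetical.

# fw_before_net DIR FW_NAME NET_NAME
# Returns 0 if the firewall start link runs before the network one,
#         1 if it runs after (interfaces are up with no rules loaded),
#         2 if either start link is missing from DIR.
fw_before_net() {
    dir=$1; fw=$2; net=$3
    pos=0; fw_pos=; net_pos=
    # The glob expands in sorted order, the order start links are run in.
    for path in "$dir"/S[0-9][0-9]*; do
        if [ ! -e "$path" ] && [ ! -L "$path" ]; then continue; fi
        pos=$((pos + 1))
        name=${path##*/}            # strip the directory
        name=${name#S[0-9][0-9]}    # strip the S<NN> prefix
        if [ "$name" = "$fw" ] && [ -z "$fw_pos" ]; then fw_pos=$pos; fi
        if [ "$name" = "$net" ] && [ -z "$net_pos" ]; then net_pos=$pos; fi
    done
    if [ -z "$fw_pos" ] || [ -z "$net_pos" ]; then
        echo "missing start link for '$fw' or '$net' in $dir"
        return 2
    fi
    if [ "$fw_pos" -lt "$net_pos" ]; then
        echo "ok: $fw starts before $net"
        return 0
    fi
    echo "exposed: $net starts before $fw"
    return 1
}

# Constructed sample: a throwaway rc directory, not a real system's.
demo=$(mktemp -d)
touch "$demo/S10sysklogd" "$demo/S40networking" "$demo/S41firewall"
fw_before_net "$demo" firewall networking || echo "exit status: $?"
rm -rf "$demo"
```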
