Re: ntpd running before iptables causing port 123 not opened on firewall

Hi,

It is good practice to load firewall rules before *ANY* network services
load, simple reason being is... While yoyr firewall hasnt loaded then for
that time being (all be it a short time) the services become exposed to
everyone.

So i would suggest that you rename the iptables startup script to
something like S01iptables. Also make it the last thing to die, that way
while services are coming down you will still have protection.

Hope that helps

On Thu, 05 Jun 2003 21:14:42 +0000, Jason wrote:

> On my RH9 machine, ntpd was S58ntpd under rc3.d, and iptables was
> S99iptables under rc3.d. The end result is when ntpd starts up, it
> tries to modify the iptable rules, and could not. Thus kernel would
> log long list of incoming packets to port 123.
>
> If I restart ntpd manually afterwards, then things seemed to be ok.
>
> Fairly limited exposure to linux admin, I would appreciate suggestions
> here. Should I move ntpd to a different level or change the number to
> 99 (thus causing it to start after iptables?). It seemed that other
> daemons (e.g. httpd) are started before iptables. I don't know which
> should be started first, iptables or net app daemons.
>
> thanks.
>
> -jason