Hi Steffen,

I want to point at another thing. It depends on the default target of every table/chain whether the system is opened during restart. SuSEFirewall's default targets are dropped.

Ciao ;-)
Robert Rottscholl - DE

Steffen Dettmer wrote:
- Maf. King wrote on Sun, Mar 17, 2002 at 23:59 +0000:
restart firewall with line open. As soon as line is down, and up again, things go wrong (other IP address from ISP).
Try restarting the firewall automagically then - have a close look at /etc/ppp/ip-up and find somewhere suitable to do a restart...
I don't recommend that! Please don't use your external IP for filtering, even if this works when you have just a single IP; use the device name (ppp0) instead. I think such setups are much more straightforward and easier to understand.
When restarting the firewall, there are two possibilities: the system is too wide open during restart, which results in a race condition with an unprotected system, or it's too closed, which results in a race condition with wrongly dropped or rejected packets. So start the firewall as early as possible and don't change it automatically.
oki,
Steffen
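
The advice in this thread (filter on the device name rather than the ISP-assigned address, and keep the default targets at DROP so a reload never leaves the box open) can be sketched as follows; this is an added example, not part of the original mails and not SuSEFirewall's own code. It assumes ppp0 is the dial-up link and eth0 the internal LAN, and it emits the rules in iptables-restore format, which is loaded per table in one step at COMMIT.

```shell
#!/bin/sh
# Added example. Assumptions: ppp0 = external dial-up link, eth0 = internal LAN.

# Print an interface-based ruleset that never mentions the ISP-assigned address,
# so it stays valid when the line drops and comes back with a new IP.
gen_ruleset() {
    ext_if="$1"; int_if="$2"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $int_if -j ACCEPT
-A INPUT -i $ext_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $int_if -o $ext_if -j ACCEPT
-A FORWARD -i $ext_if -o $int_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $ext_if -j MASQUERADE
COMMIT
EOF
}

# Lint (reads a ruleset on stdin): count rules that match on a literal IPv4
# source/destination address, i.e. rules that go stale after a redial.
count_addr_rules() {
    grep -Ec -- '(^| )(-s|-d|--source|--destination) +!? *[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' || true
}

# Lint (reads a ruleset on stdin): count filter-table INPUT/FORWARD chains
# whose default policy is not DROP.
count_open_policies() {
    awk '/^\*/ {t=$1}
         t=="*filter" && /^:(INPUT|FORWARD) / && $2!="DROP" {n++}
         END {print n+0}'
}

# Print the ruleset; as root, pipe this script's output into iptables-restore.
gen_ruleset ppp0 eth0
```

Both lint functions can also be fed the output of `iptables-save` to check an existing setup for address-based rules or open default policies.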