Bug 7404 - /etc/init.d/iptables enable/disable forwarding and ipv6
Status: RESOLVED DUPLICATE of bug 2355
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Blocks: 7463
Reported: 2002-09-03 03:02 UTC by Take Vos
Modified: 2005-07-17 13:06 UTC (History)
Description Take Vos 2002-09-03 03:02:34 UTC
After iptables are loaded it is safe to turn on port forwarding,
if the user wants to (maybe with a value in /etc/conf.d/net).

Just before iptables are flushed or restored, you should disable forwarding
so that no unauthorized packets can get through.
  
IP forwarding can be enabled with:  
	echo 1 >/proc/sys/net/ipv4/ip_forward  
	echo 1 >/proc/sys/net/ipv6/conf/all/forwarding  
  
For IPv6, you may want to compile iptables with 'make experimental', which
will build ip6tables-save and restore utilities.
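
The ordering requested in the description, written as an added sketch (not code from the Gentoo init script or from the reporter): forwarding is switched off before the ruleset is touched and is switched back on only if the restore succeeded and the administrator opted in. The names PROC_ROOT, RULES_FILE, RESTORE_CMD and ENABLE_FORWARDING are hypothetical, and the rules path is a placeholder.

```shell
#!/bin/sh
# Added example: fail-closed handling of forwarding around a ruleset reload.
# All variable names below are hypothetical, chosen for this sketch.
PROC_ROOT="${PROC_ROOT:-/proc/sys/net}"            # overridable for dry runs
RULES_FILE="${RULES_FILE:-/path/to/rules-save}"    # placeholder path
RESTORE_CMD="${RESTORE_CMD:-iptables-restore}"
ENABLE_FORWARDING="${ENABLE_FORWARDING:-no}"       # opt-in, off by default

# Write $1 (0 or 1) to the IPv4 and IPv6 forwarding switches that exist.
set_forwarding() {
    for f in "$PROC_ROOT/ipv4/ip_forward" \
             "$PROC_ROOT/ipv6/conf/all/forwarding"; do
        [ -e "$f" ] || continue        # e.g. kernel built without IPv6
        echo "$1" > "$f" || return 1
    done
}

# Reload the rules with forwarding disabled for the whole window in which
# the ruleset is flushed or only partly loaded.
reload_rules() {
    set_forwarding 0 || return 1
    if ! $RESTORE_CMD < "$RULES_FILE"; then
        # Fail closed: a broken ruleset must not leave the box routing.
        echo "rule restore failed; forwarding left disabled" >&2
        return 1
    fi
    if [ "$ENABLE_FORWARDING" = "yes" ]; then
        set_forwarding 1 || return 1
    fi
    return 0
}
```

IPv6 rules are loaded separately with ip6tables-restore; the same ordering applies to that step before the IPv6 switch is turned on.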
Comment 1 Jason Costomiris 2002-09-04 16:32:36 UTC
If you load the iptables rules before bringing up interfaces, it's safe to turn
on ip_forwarding before activating iptables...

That is, if you:

1. turn on ip_forwarding
2. turn on ipchains
3. turn up interfaces

you're safe...
Comment 2 Daniel Ahlberg (RETIRED) gentoo-dev 2002-09-05 02:44:04 UTC

*** This bug has been marked as a duplicate of 2355 ***