Shutdown Order Of Operations

[dbunyard]

Quote:

Originally Posted by choeschen

Would't the simple solution be to have UT changed the default action on iptables to block and clear out all rules on startup and shutdown? When UT is done booting it can reset the rules and default action back to how it should be. I have built my own home grown firewalls before using iptables so I know this can be done via a simple script. It does not take that much time to add a bunch of rules to iptables via a script either. I was able to run through hundreds of rules being added to iptables in a matter of seconds and that was on much older hardware then the minimum requirements UT needs.

Just my

That's kinda what I was thinking. I didn't think it would be all that hard to ensure that Untangle blocks all traffic during startup/shutdown until the system is ready for it. It's not a huge deal like I said in my post but it would still be possible for a virus or something malicious to slip through before all the rack modules are brought up.

[sky-knight]

As I said, this issue has come up in the past. I'm pretty sure that if such a thing was easy, UT would have done it by now. There are likely edge cases they ran into in testing that dictating leaving it fail open.

[mrunkel]

And then we have the other 3000 untangle users complaining that it blocks network traffic when the UVM shuts down.

Maybe I can see adding an option, but my first reaction is seriously? It's a window of under 30 seconds. You can use these events as a tool to show management how much spam the Untangle blocks in normal operation.

[sky-knight]

And when you can close the window yourself with a carefully crafted packet filter rule, Untangle provides the tools for admins that don't want that opening present during a reboot to control things as they want.

So we're arguing default behavior, and since it's adjustable behavior, I call it fixed.