[Initscripts-ng-devel] Defining the workgroup objectives
Olaf van der Spek
olafvdspek at gmail.com
Wed Jul 27 13:56:28 UTC 2005
On 7/27/05, Sven Mueller <debian at incase.de> wrote:
> I assume the start-X-before-Y&stop-X-before-Y case?
>
> Firewall with a deny-all policy when stopped:
> You want the firewall to start before any service daemon is started so
> that they don't fail in DNS lookups or delivering of mails or whatever
> they do at startup. However, you _might_ also want to close all ports
> quickly before shutting down the services, so no new requests come in
> during shutdown.
> A pretty constructed example, but still a valid example.
Is it? It looks like a race condition to me.
How much time is there really between the port being closed by the
firewall and the port being closed by the service itself?
And what about a connect that's done before the firewall closes the
port and a request that's done after?
More information about the initscripts-ng-devel
mailing list