Subject: Re: port-unreachable and system reboot
To: None <firstname.lastname@example.org>
From: Christos Zoulas <email@example.com>
Date: 05/27/2001 06:48:55
In article <firstname.lastname@example.org>, <email@example.com> wrote:
>> When I reboot a system for some reason, I'd rather that anyone trying
>>to access it just keep trying. Unfortunately, there is a window between
>>ifconfig up, and starting the appropriate daemons when the system
>>will return an ICMP port unreachable.
>> I wonder if anyone has given any thought that perhaps one should not
>>send this ICMP at all until a sysctl has been set? (Which would be done
>>once all daemons are started)
>> Aside from helping during bootup, this might also be useful to permit
>>a system to be someone more stealthy.
> how about an (additional) ipf rule during bootstrap?
this is difficult to get right, because many daemons want to get replies back
from servers (think ntpdate).