Phil Savoie wrote:
> Hi All,
>
> Was wondering if you could help me out. At work we are running CentOS 4.2 as
> our mailserver/firewall. The script in question is /etc/rc3.d/S08iptables.
> As this starts before the network adapters are set up, it hoses our iptables
> script resulting in denying our internal hosts internet access.

There shouldn't be a problem with that ordering (first iptables, then network). What exactly happens? What is in your network configuration that depends on firewall rules not being loaded?

> What I would like to do is mv the script to /etc/rc3.d/S11iptables so that the
> interfaces are up and then the iptables script kicks in. It is in this way
> that we find it works best for us.

*Very* bad idea. It is possible, but do not do it. You *really* want to first start iptables, and network only after firewall rules are loaded. Otherwise you would have a race condition when your network interfaces are completely set up (accepting network traffic), but you don't have any firewall rules to protect the host (and/or the network behind it, if the host acts as a firewall).

This window when the race condition would exist (if you swap the order of iptables and network) could be as short as a second or two (on a very fast system with only one statically configured interface), or as long as 10 seconds (or even longer) if you have many interfaces and at least some of them are DHCP configured. Even in the former case, it can be more than long enough for your system to get broken into (by some automated tool that scouts the Internet address space).

Anyhow, if you have problems, it is not the order of the iptables and network startup scripts. Something else is broken in your config. Fix the real underlying problem, don't create new problems by fixing the symptoms only.
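The reply's point is that the firewall script must carry a lower SysV sequence number than the network script, so that no interface is accepting traffic before the rules are loaded. The following POSIX sh snippet is an added example, not code from the thread or from CentOS: it reads an rc directory, extracts the S-numbers of two services and reports whether the first is sequenced strictly before the second. The function names (rc_start_number, rc_order_ok, make_sample_rcdir) are my own, and the sample rc directories it builds under mktemp are constructed stand-ins for /etc/rc3.d, one with the stock S08iptables/S10network order and one with the swapped S10network/S11iptables order the poster proposed.

```sh
#!/bin/sh
# Added example (not from the original thread): verify that the SysV
# start order puts the "iptables" init script before "network", so the
# firewall rules are in place before any interface comes up.

# rc_start_number DIR NAME
#   Print the two-digit start sequence of the S??NAME link in DIR.
#   Returns 1 (prints nothing) if no such start link exists.
rc_start_number() {
    dir=$1; name=$2
    for link in "$dir"/S[0-9][0-9]"$name"; do
        # an unmatched glob is left as a literal pattern; skip it
        [ -e "$link" ] || [ -L "$link" ] || continue
        base=${link##*/}          # S08iptables
        num=${base#S}             # 08iptables
        echo "${num%"$name"}"     # 08
        return 0
    done
    return 1
}

# rc_order_ok DIR FIRST SECOND
#   Exit 0 if FIRST has a strictly lower sequence number than SECOND
#   (i.e. starts first), 1 if it does not, 2 if either link is missing.
rc_order_ok() {
    a=$(rc_start_number "$1" "$2") || return 2
    b=$(rc_start_number "$1" "$3") || return 2
    [ "$a" -lt "$b" ]
}

# make_sample_rcdir LINK...
#   Constructed sample: build a scratch rc directory containing the given
#   names (plain empty files stand in for the real symlinks) and print
#   its path. Hypothetical helper, only here to keep the example offline.
make_sample_rcdir() {
    d=$(mktemp -d) || return 1
    for l in "$@"; do : > "$d/$l"; done
    echo "$d"
}

# Stand-alone demonstration of both orderings.
good_rc=$(make_sample_rcdir S08iptables S10network S55sshd)
bad_rc=$(make_sample_rcdir S10network S11iptables S55sshd)

if rc_order_ok "$good_rc" iptables network; then
    echo "stock order: iptables (S$(rc_start_number "$good_rc" iptables)) loads before network"
fi
if ! rc_order_ok "$bad_rc" iptables network; then
    echo "swapped order: network is up before iptables (S$(rc_start_number "$bad_rc" iptables)) runs"
fi
```

Point the two functions at the real /etc/rc3.d (and the other runlevel directories that bring the box to multi-user) to audit a live system; a non-zero exit from rc_order_ok is the unprotected window the reply warns about.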