S08ipchains starts before S10network. if you change S08 to S11ipchains so
that it starts after network, it reverts back to S08ipchains after a
ipchains are supposed to start before the network - so you have NO time of a
potential break-in occuring (ie: the time b/t the network coming up and ipchains
this is normal on ALL Systems - if you're putting domain names in your ipchains
then you've made a mistake and need to re-think configuring them.
Seth is correct; setting up firewall rules after network interfaces come up (or
more importantly, after network services begin to be started) creates a small
window of opportunity which shouldn't exist.