Bug#626424: Please implement a method to save and restore netfilter rules at boot

To: Costin <costinel@gmail.com>, 626424@bugs.debian.org
Subject: Bug#626424: Please implement a method to save and restore netfilter rules at boot
From: Peter Samuelson <peter@p12n.org>
Date: Tue, 17 May 2011 10:30:12 -0500
Message-id: <[🔎] 20110517153012.GE20906@p12n.org>
Reply-to: Peter Samuelson <peter@p12n.org>, 626424@bugs.debian.org
In-reply-to: <[🔎] BANLkTinGkaTJzUc461ug36ZCPnqMumerBg@mail.gmail.com>
References: <20110512055109.GG9864@jirafa.cyrius.com> <[🔎] handler.s.C.130517947719436.transcript@bugs.debian.org> <[🔎] 20110512202156.GB3912@think.nuvreauspam> <[🔎] 4DCDA32D.2000007@bzed.de> <[🔎] BANLkTinGkaTJzUc461ug36ZCPnqMumerBg@mail.gmail.com>

> On Sat, May 14, 2011 at 00:31, Bernd Zeimetz <bernd@bzed.de> wrote:
> > to the network config in your /etc/network/interfaces and at the point when you
> > have a well working iptables config use
> > iptables-save > /etc/network/iptables.save

I go further: I run the iptables-save > /etc/network/iptables.rules
only once, to create a skeleton, and after that I treat that file as
primary source.  I edit it as needed and "apply changes" with
iptables-restore, which atomically replaces the whole set.  This seems
more natural to me than treating the live system as primary source and
"editing" that with iptables.  (Text editors provide a much more
natural interface than iptables does, for operations like renaming
tables, reordering and grouping rules logically, and the like.  Plus, I
can add arbitrary comments.)

I wouldn't mind a 'pre-up iptables-restore /etc/network/iptables.rules'
in the debian interfaces file by default ... but I don't expect it will
ever happen (lots of people don't work the way I work), so I add it
myself.
-- 
Peter Samuelson | org-tld!p12n!peter | http://p12n.org/

Reply to:

References:
- Processed: Re: Bug#626424: Please implement a method to save and restore netfilter rules at boot
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#626424: Please implement a method to save and restore netfilter rules at boot
  - From: Andrei Popescu <andreimpopescu@gmail.com>
- Bug#626424: Please implement a method to save and restore netfilter rules at boot
  - From: Bernd Zeimetz <bernd@bzed.de>
- Bug#626424: Please implement a method to save and restore netfilter rules at boot
  - From: Costin <costinel@gmail.com>

Prev by Date: Bug#626424: Please implement a method to save and restore netfilter rules at boot
Next by Date: Re: Bug#615157: Using -Werror in CFLAGS for a debian package build
Previous by thread: Bug#626424: Please implement a method to save and restore netfilter rules at boot
Next by thread: Something wrong with eglibc 2.13-3 ?
Index(es):
- Date
- Thread