
Re: FireHOL Question



Hi Raul!

I managed to save my table but I don't really understand how to load it on boot, because I don't have any iptables file in /etc/init.d/, only my firehol script.

Should I just create a script that loads the table using "iptables-restore /var/lib/iptables/active"?

viz

----- Original Message ----- From: "Raúl Alexis Betancort Santana" <rabs@dimension-virtual.com>
To: <debian-firewall@lists.debian.org>
Sent: Friday, September 24, 2004 1:29 PM
Subject: Re: FireHOL Question


On Friday, 24 September 2004 07:42, Daniel Pittman wrote:
On 22 Sep 2004, vizi0n wrote:
> Thanks for the reply, but I managed to do it without any help! I really
> like it when I get it all done by myself :)
> I'm using DNAT and SNAT and it works like a charm :)
>
> The only thing is that FireHOL takes a looooooooong while to load while
> booting or just when restarting the service, it takes a big 30 seconds to
> 1 full minute to load. Any way to make it load quicker?

Rewrite it in some language other than a huge bash shell script. :)

Seriously, the biggest performance hit is that bash is enormously slow
while it chews through the central loop and builds the iptables
commands.

Actually installing the firewall once it has compiled is very fast.

Alternatively, rewrite it so that it can compile a stand-alone (or close
to it) shell script that builds the firewall, and then use that to
remove the need to "compile" it each time you start the script.


...besides, do you /really/ reboot your firewall that often?


What I did on my Debian FWs is to use firehol to set up the FW, but remove it
from the start init scripts. Once the FW is loaded and running I run
iptables-save > /var/lib/iptables/active   and that's all, the init.d script
of iptables does the rest.

Best Regards
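The save-once, restore-at-boot procedure from the reply above, written out as a small POSIX shell script. This is an added example for this thread, not FireHOL's script and not Debian's iptables init script. It assumes the path quoted in the thread, /var/lib/iptables/active, and that the local iptables-restore accepts --test for a parse-only run (older releases do not have it; drop that line if yours is one). The check_ruleset function is the part worth keeping even if you wire the rest into an existing init script: it rejects a truncated snapshot before boot depends on it.

```shell
#!/bin/sh
# Save/restore wrapper for a FireHOL-built ruleset, following the
# iptables-save / iptables-restore approach from the thread. Added
# example, not FireHOL's or Debian's own code. Assumed: the ruleset
# lives at /var/lib/iptables/active (path quoted in the thread) and
# iptables-restore accepts --test (parse only; older releases lack it).

RULES=${RULES:-/var/lib/iptables/active}

# Check a saved ruleset file without touching the kernel. iptables-save
# writes one "*table" header per table, each closed by "COMMIT"; an
# interrupted save (disk full, Ctrl-C) leaves the last table unclosed
# and iptables-restore would then load the earlier tables only.
# Returns 0 when the file is non-empty and every table is committed.
check_ruleset() {
    file=$1
    [ -s "$file" ] || { echo "check_ruleset: $file is empty or missing" >&2; return 1; }
    tables=$(grep -c '^\*' "$file" || true)
    commits=$(grep -c '^COMMIT$' "$file" || true)
    [ "$tables" -gt 0 ] || { echo "check_ruleset: no table sections in $file" >&2; return 1; }
    [ "$tables" -eq "$commits" ] || {
        echo "check_ruleset: $tables table(s) but $commits COMMIT line(s) in $file" >&2
        return 1
    }
    return 0
}

# Run once after FireHOL has built the firewall: snapshot the live tables,
# verify the snapshot, then move it into place atomically so a failed
# save never overwrites the last good ruleset.
save_ruleset() {
    tmp=$(mktemp "$RULES.XXXXXX") || return 1
    if ! iptables-save > "$tmp"; then rm -f "$tmp"; return 1; fi
    if ! check_ruleset "$tmp"; then rm -f "$tmp"; return 1; fi
    if ! iptables-restore --test < "$tmp"; then rm -f "$tmp"; return 1; fi
    chmod 600 "$tmp"          # the ruleset maps the network; keep it root-only
    mv -f "$tmp" "$RULES"
}

# Run at boot, before the interfaces come up. iptables-restore replaces
# each table in one operation, so there is no window with a half-built
# firewall, unlike replaying FireHOL's iptables commands one by one.
load_ruleset() {
    check_ruleset "$RULES" || return 1
    # iptables-save records only netfilter state. Kernel settings the
    # FireHOL run made outside netfilter (e.g. net.ipv4.ip_forward, which
    # forwarding DNAT/SNAT traffic needs) must be restored here as well.
    iptables-restore < "$RULES"
}

# Offline demonstration of check_ruleset on a constructed ruleset in
# iptables-save format (sample data, not captured from a real host):
# the intact file passes, a copy cut off after "*filter" is rejected.
demo_check() {
    good=$(mktemp) || return 1
    printf '%s\n' \
        '*nat' \
        ':PREROUTING ACCEPT [0:0]' \
        ':POSTROUTING ACCEPT [0:0]' \
        '-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80' \
        '-A POSTROUTING -o eth0 -j SNAT --to-source 203.0.113.5' \
        'COMMIT' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A FORWARD -i eth0 -d 192.168.1.10 -p tcp --dport 80 -j ACCEPT' \
        'COMMIT' > "$good"
    bad=$(mktemp) || { rm -f "$good"; return 1; }
    sed '/^\*filter/q' "$good" > "$bad"     # truncated: filter table never committed
    check_ruleset "$good" && ! check_ruleset "$bad" 2>/dev/null
    rc=$?
    rm -f "$good" "$bad"
    return $rc
}

case "${1:-}" in
    save) save_ruleset ;;
    load) load_ruleset ;;
    demo) demo_check && echo "check_ruleset: ok" ;;
esac
```

Usage: run "sh fw-rules.sh save" as root once after "firehol start" (and again after every FireHOL configuration change, otherwise the next boot loads a stale ruleset), and have the init script call "sh fw-rules.sh load" before networking starts. "sh fw-rules.sh demo" exercises the file check without touching the kernel. The saved file is a snapshot: anything FireHOL does at run time besides writing netfilter rules is not in it, which is why load_ruleset is the place to put such settings.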
