On Fri, 2002-08-02 at 16:50, Peter Hicks wrote:
>
> /etc/init.d/iptables save active
>
> will save the current ruleset, to be loaded on startup
>
> if you want to use the init.d script to unload your firewall, flush
> all your rules, then
>
> /etc/init.d/iptables save inactive

Hi, Peter. I would have suggested that except for the fact that the
iptables maintainer seems very opposed to that script. From
/etc/default/iptables:

# Q: You concocted this init.d setup, but you do not like it?
# A: I was pretty much hounded into providing it. I do not like it.
#    Don't use it. Use /etc/network/interfaces, use /etc/network/*.d/
#    scripts use /etc/ppp/ip-*.d/ script. Create your own custom
#    init.d script -- no need to even name it iptables. Use ferm,
#    ipmasq, ipmenu, guarddog, firestarter, or one of the many other
#    firewall configuration tools available. Do not use the init.d
#    script.
#
# Q: What is this iptables init.d setup all about?
# A: The iptables init.d setup saves and restores whole iptables's
#    table rulesets. That's basically it. It doesn't create any
#    iptables rules nor provide for running any iptables rules.
#    That also implies no support at all for dynamic rules.

Anybody know why he dislikes this setup so strongly?

-Mark
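
Added example (not part of the original message or of the iptables package): the quoted note says the init.d setup saves and restores whole table rulesets, with no support for dynamic rules. This shell script compares a saved snapshot with the running ruleset, both in iptables-save format, and lists the rules a whole-table restore would discard; the function names and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# rules_lost_on_restore SAVED CURRENT (hypothetical helper name)
# Prints every rule found in CURRENT but not in SAVED, prefixed by its table.
rules_lost_on_restore() {
    awk '
        FNR == 1 { table = "" }                   # new input file
        { sub(/^\[[0-9]+:[0-9]+\] /, "") }        # drop "iptables-save -c" counters
        /^\*/    { table = substr($0, 2); next }  # "*filter" opens a table
        !/^-A /  { next }                         # skip comments, policies, COMMIT
        { key = table "\t" $0 }
        FILENAME == ARGV[1] { saved[key] = 1; next }
        !(key in saved) { print table ": " $0 }
    ' "$1" "$2"
}

# Constructed samples: a saved snapshot, and a running ruleset to which a
# blocking tool has since appended one dynamic rule.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/saved" <<'EOF'
# constructed sample: snapshot taken at save time
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    cat > "$dir/current" <<'EOF'
# constructed sample: running ruleset some time later
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.0.2.45/32 -j DROP
COMMIT
EOF
    rules_lost_on_restore "$dir/saved" "$dir/current"
    rm -rf "$dir"
}

demo
```

On a live host the second argument would be a file holding fresh iptables-save output, which needs root to produce.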