Re: iptables service with debian
Tom H a écrit :
> On Fri, Apr 27, 2012 at 6:59 PM, Pascal Hambourg <firstname.lastname@example.org> wrote:
>> Tom H a écrit :
>>> It's best to run an iptables script from "/etc/network/if-pre-up.d/".
>> Only for the rules which are related to a specific interface. Ruleset
>> initialization should not be done from there.
> Why not?
Because it makes no sense to re-initialize the ruleset every time an
interface is activated.
> Is this documented somewhere? If not, from where should
> iptables rules be launched?
Iptables should be initialized from an initscript run before networking.