
Re: init.d script for iptables ruleset



On Wed, Sep 21, 2005 at 06:33:47AM +0200, Klaus Ethgen wrote:
> Hello Samuel,
> 
> Am Mi den 21. Sep 2005 um  3:12 schrieb Samuel Jean:
> > Here it goes. I wondered about a clever way to load my iptables ruleset via
> > init.d's script. Surprisingly, I didn't find any with Debian. I didn't search
> > that much though.

> Well, there was one some time ago. Now it was moved to
> /usr/share/doc/iptables/examples/oldinitdscript.gz

> I do not know why it was removed by Laurence J. Lane on 7 Dec 2002. But
> I think that is what you search for.

If I recall correctly, it was removed because it was decided that iptables
rules should be being configured through ifconfig's /etc/network/interfaces and
/etc/network/if-*{up,down}.d mechanisms, and pppd's /etc/ppp/ip*-{up,down}.d
mechanism.

Otherwise, you can't load only the relevant parts of the ruleset to match the
interfaces currently enabled, and you have to reload the entire ruleset if you
bring up interfaces later than /etc/init.d/iptables time.

And it keeps network configuration nicely together, in the one file, the same
way resolv-conf keeps static DNS configuration nicely centralised in
/etc/network/interfaces.

-- 
-----------------------------------------------------------
Paul "TBBle" Hampson, MCSE
8th year CompSci/Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
Paul.Hampson@Anu.edu.au

"No survivors? Then where do the stories come from I wonder?"
-- Capt. Jack Sparrow, "Pirates of the Caribbean"

License: http://creativecommons.org/licenses/by/2.1/au/
-----------------------------------------------------------
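
A sketch of the /etc/network/if-up.d approach described in the message above, as an added example that is not part of the original post or of any Debian package. It assumes per-interface fragments in iptables-save format under a hypothetical /etc/iptables/if.d/ directory; the names RULES_DIR, RESTORE, rules_file_for and apply_iface_rules are likewise made up for illustration.

```shell
#!/bin/sh
# Added example: hook meant to live in /etc/network/if-up.d/, where ifupdown
# runs it with IFACE set to the interface that has just been brought up.
# ASSUMPTION: per-interface fragments in iptables-save format are kept in
# /etc/iptables/if.d/<iface>.rules; that directory is hypothetical.
RULES_DIR="${RULES_DIR:-/etc/iptables/if.d}"
RESTORE="${RESTORE:-iptables-restore}"   # overridable so the hook can be dry-run

# Print the fragment path for an interface. Refuse names that could escape
# RULES_DIR (empty, "." and "..", or anything containing a slash).
rules_file_for() {
    case "$1" in
        ''|.|..|*/*) return 1 ;;
    esac
    printf '%s/%s.rules\n' "$RULES_DIR" "$1"
}

# Load only the fragment for this interface. --noflush keeps the rules that
# are already loaded for other interfaces instead of replacing the tables.
apply_iface_rules() {
    file=$(rules_file_for "$1") || { echo "bad interface name: $1" >&2; return 2; }
    [ -r "$file" ] || return 0   # no fragment for this interface: nothing to do
    "$RESTORE" --noflush < "$file"
}

# ifupdown exports IFACE; when the script is run by hand without it, do nothing.
[ -z "${IFACE:-}" ] || apply_iface_rules "$IFACE"
```

Because --noflush appends to what is already loaded, a fragment that uses -A on a built-in chain adds its rules again on every ifup of the same interface, so pair it with an if-down.d hook that removes them or write the fragment so that reloading is harmless.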
