Re: init.d script for iptables ruleset

On Wed, Sep 21, 2005 at 04:04:29PM +1000, Paul TBBle Hampson wrote:
> > On Wed, 21 Sep 2005 at 3:12, Samuel Jean wrote:
> > > Here it goes. I wondered about a clever way to load my iptables ruleset via
> > > init.d's script. Surprisingly, I didn't find any with Debian. I didn't search
> > > that much though.

> > Well, there was one some time ago. Now it has been moved to
> > /usr/share/doc/iptables/examples/oldinitdscript.gz

> > I do not know why it was removed by Laurence J. Lane on 7 Dec 2002. But
> > I think that is what you are searching for.

> If I recall correctly, it was removed because it was decided that iptables
> rules should be configured through ifconfig's /etc/network/interfaces and
> /etc/network/if-*{up,down}.d mechanisms, and pppd's /etc/ppp/ip*-{up,down}.d
> mechanism.

I don't remember any such rationale ever being given; IIRC, ljlane changed
it in response to pressure from users, who may have objected for any number
of reasons.  The presence of an optional startup script for iptables doesn't
preclude having per-interface rules, anyway; and one may have a need for
both per-interface rules *and* static rules that should always be loaded...

Anyway, this is still in the pre-proposal stage and needs plenty more work,
but since the topic has come up: <http://wiki.debian.org/FirewallByDefault>.
Feel free to add comments. :)

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/
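As an added example, not code from this thread or from Debian's iptables package: an ifupdown-style hook in the spirit of the /etc/network/if-up.d mechanism discussed above, which loads a static ruleset once per boot and a per-interface ruleset on each ifup, both through iptables-restore --noflush so neither set clobbers the other. The rules directory, file names and stamp file are assumptions.

```shell
#!/bin/sh
# Hypothetical /etc/network/if-up.d/iptables-rules hook (example, not Debian's).
# ifupdown exports IFACE and MODE ("start" on ifup, "stop" on ifdown).
set -e

RULES_DIR="${RULES_DIR:-/etc/iptables}"                  # assumed layout
IPTABLES_RESTORE="${IPTABLES_RESTORE:-iptables-restore}"  # overridable for testing
STAMP="${STAMP:-/run/iptables.static-loaded}"             # "static rules already loaded" marker

# A root hook must not restore a rules file that anyone on the box can edit:
# require a regular file that is not world-writable (9th char of ls -l).
rules_file_ok() {
    f=$1
    [ -f "$f" ] || return 1
    case "$(ls -ld "$f")" in ????????w*) return 1 ;; esac
    return 0
}

# Static rules that should always be present, loaded once per boot.
load_static_rules() {
    [ -e "$STAMP" ] && return 0
    f="$RULES_DIR/rules.static"
    rules_file_ok "$f" || { echo "iptables hook: skipping missing or unsafe $f" >&2; return 0; }
    "$IPTABLES_RESTORE" --noflush < "$f" && : > "$STAMP"
}

# Per-interface rules from $RULES_DIR/rules.$IFACE; --noflush keeps the
# static rules and other interfaces' rules in place.
load_iface_rules() {
    f="$RULES_DIR/rules.$1"
    rules_file_ok "$f" || return 0
    "$IPTABLES_RESTORE" --noflush < "$f"
}

hook_main() {
    [ "$MODE" = start ] || return 0   # nothing to do on ifdown
    [ -n "$IFACE" ] || return 0
    load_static_rules
    load_iface_rules "$IFACE"
}

hook_main
```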

