
Bug#626424: Please implement a method to save and restore netfilter rules at boot



On Sat, May 14, 2011 at 00:31, Bernd Zeimetz <bernd@bzed.de> wrote:
> Hi,
>
> If I remember right such functions were removed from the iptables package for
> various good reasons, for example to avoid that people lock themselves out.
>
> Implementing something similar is pretty easy, add something like
>
> pre-up iptables-restore < /etc/network/iptables.save || true

I very much want to avoid manually changing configuration files, as
few of them as possible

>
> to the network config in your /etc/network/interfaces and at the point when you
> have a well working iptables config use
> iptables-save > /etc/network/iptables.save
>
> I'd never recommend to let something save iptables rules automatically. Do it
> manually when you're sure that you have a working configuration.
>
I did not mention the word "automatically". I just want to have a
lazy man's way[1] to
- manually save rules
- automatically restore saved rules at boot
That's exactly what the iptables initscript does in Red Hat, for the
past 11 years (first appeared in "ipchains"
http://legacy.redhat.com/pub/redhat/linux/6.2/en/os/i386/RedHat/RPMS/ipchains-1.3.9-5.i386.rpm)

For that, Andrei's recommendation of iptables-persistent seems the
most tolerable answer, especially with Tollef's hint of saving - and I
hope the package maintainer will be kind enough to (accept a patch
for)/(develop) the initscript to parse a 'save' parameter)

> Or even better, use ferm instead.
Tried it but, uh, I'm comfortable enough with iptables syntax

___
[1] type as little as possible, memorize as little as possible
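The lock-out concern Bernd raises is the reason a boot-time `pre-up iptables-restore` deserves a guard in front of it. The script below is an added example, not code from the bug report, from the iptables-persistent package, or from Red Hat's initscript: it implements the "save manually, restore at boot" split with a sanity check that refuses a dump which is truncated or which denies INPUT by default without an explicit ACCEPT for a lifeline port. The rules file path (`/etc/network/iptables.save`) is taken from Bernd's suggestion; the default lifeline port 22, the function names, and the pattern heuristics are assumptions, and the three rulesets are constructed for the demo rather than captured from a real host.

```shell
#!/bin/sh
# Guarded save/restore for iptables-save dumps (added example, not from
# the bug report). The lifeline-port heuristic and all names are assumptions.

# Return 0 if FILE looks like a complete iptables-save dump whose filter
# table will not lock a remote administrator out; non-zero otherwise.
# $1 = dump file, $2 = TCP port that must stay reachable (assumed 22)
ruleset_sanity() {
    file=$1
    port=${2:-22}

    [ -r "$file" ] || { echo "sanity: cannot read $file" >&2; return 2; }
    # A dump without a filter table or a terminating COMMIT is truncated;
    # iptables-restore would reject it, but we want a clear reason logged.
    grep -q '^\*filter$' "$file" || { echo "sanity: no filter table in $file" >&2; return 3; }
    grep -q '^COMMIT$' "$file" || { echo "sanity: missing COMMIT in $file" >&2; return 4; }

    # Lock-out heuristic (assumption): a default-deny INPUT chain (policy
    # DROP, or a catch-all DROP/REJECT rule) must be paired with an
    # explicit ACCEPT for the lifeline port, in the form iptables-save writes.
    if grep -Eq "^:INPUT DROP|^-A INPUT -j (DROP|REJECT)" "$file"; then
        grep -Eq "^-A INPUT .*-p tcp .*--dport ${port} .*-j ACCEPT$" "$file" \
            || { echo "sanity: INPUT denies by default but tcp/$port is not accepted" >&2; return 5; }
    fi
    return 0
}

# Boot-time side (e.g. called from a pre-up line in /etc/network/interfaces):
# restore FILE only if it passes the sanity check and a parse-only dry run.
restore_if_sane() {
    file=${1:-/etc/network/iptables.save}
    ruleset_sanity "$file" || return $?
    command -v iptables-restore >/dev/null 2>&1 \
        || { echo "restore: iptables-restore not installed, nothing restored" >&2; return 7; }
    # --test parses and builds the ruleset without committing it.
    iptables-restore --test < "$file" \
        || { echo "restore: iptables-restore rejected $file" >&2; return 6; }
    iptables-restore < "$file"
}

# Manual side: write the live ruleset to a temp file and only replace the
# boot-time dump if the new one passes the same check.
save_rules() {
    file=${1:-/etc/network/iptables.save}
    command -v iptables-save >/dev/null 2>&1 \
        || { echo "save: iptables-save not installed" >&2; return 7; }
    tmp=$(mktemp "$file.XXXXXX") || return 8
    iptables-save > "$tmp" && ruleset_sanity "$tmp" && mv "$tmp" "$file" && return 0
    rm -f "$tmp"
    echo "save: refusing to replace $file with a ruleset that failed the check" >&2
    return 9
}

# Constructed sample dumps (not captured from a real host) for the demo.
write_samples() {
    dir=$(mktemp -d)
    cat > "$dir/good.save" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    cat > "$dir/lockout.save" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
    cat > "$dir/truncated.save" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
EOF
    echo "$dir"
}

# Demo: ./iptables-guard.sh demo   (prints OK/FAIL per constructed sample)
if [ "${1:-}" = "demo" ]; then
    for f in "$(write_samples)"/*.save; do
        if ruleset_sanity "$f"; then echo "OK   $f"; else echo "FAIL $f"; fi
    done
fi
```

With `restore_if_sane` in a `pre-up` line instead of a bare `iptables-restore`, a truncated or self-locking dump leaves the previous (or empty) ruleset in place and a message in the boot log, rather than a machine that is unreachable over ssh; `save_rules` applies the same check when the administrator decides the live rules are worth keeping.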


