Olaf Meeuwissen wrote:
> Better yet, forget the whole /etc/default/iptables stuff and set your
> firewalling up through appropriate scripts in the
> /etc/network/if-*.d/ directories.  For an idea on how you could go

Is there any better reason than "forget about it" for your approach?

How do you update single rules in running configs?
With /etc/init.d/iptables, you make your changes with "iptables ..."
and save the whole ruleset with "/etc/init.d/iptables save active". If
you're afraid of losing the remote connection while experimenting with
rulesets, you may save your working config to a new name and schedule
(with cron/at) a "/etc/init.d/iptables load SavedBackupNameblabla"
before you start changing anything.

It's also easy to have several different iptables setups or versions 
and backups. How do you achieve this with your solution?

I can't see any benefits.
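The "schedule a rollback before you start editing" pattern from the message above, as an added example that is not part of the original thread or of either init-script approach it discusses. It assumes the iptables-save/iptables-restore pair and the at(1)/atrm(1) scheduler rather than the /etc/init.d/iptables script named in the post, a backup directory of /var/backups/iptables, and root for real use; the command names are taken from variables so the save/schedule/commit logic can be exercised without touching a live firewall.

```shell
#!/bin/sh
# Added example (not code from the thread): edit a remote firewall with a
# scheduled, self-cancelling rollback so a bad rule cannot lock you out.
# Assumes iptables-save/iptables-restore and at(1); the old
# /etc/init.d/iptables script from the post is not used. Command names
# come from variables so the logic can be exercised without root.
IPTABLES_SAVE=${IPTABLES_SAVE:-iptables-save}
IPTABLES_RESTORE=${IPTABLES_RESTORE:-iptables-restore}
AT=${AT:-at}
ATRM=${ATRM:-atrm}
BACKUP_DIR=${BACKUP_DIR:-/var/backups/iptables}   # assumed location

# Dump the live ruleset to $BACKUP_DIR/rules.<name> and print the path.
# Without a name a timestamp is used, so each edit session keeps its own copy.
backup_ruleset() {
    name=${1:-$(date +%Y%m%d-%H%M%S)}
    file="$BACKUP_DIR/rules.$name"
    mkdir -p "$BACKUP_DIR" || return 1
    "$IPTABLES_SAVE" > "$file" || return 1
    printf '%s\n' "$file"
}

# Queue "iptables-restore < <file>" to run in <minutes> minutes and print
# the at job number (at reports "job N at <date>" on stderr).
schedule_rollback() {
    file=$1; minutes=${2:-5}
    printf '%s < %s\n' "$IPTABLES_RESTORE" "$file" \
        | "$AT" "now + $minutes minutes" 2>&1 \
        | sed -n 's/^job \([0-9][0-9]*\) .*/\1/p'
}

# Sanity check on a saved ruleset: is there still an INPUT rule accepting
# the admin port (22 by default)? Run this before cancelling the rollback.
ruleset_allows_port() {
    grep -q -- "^-A INPUT .*--dport ${2:-22} .*-j ACCEPT" "$1"
}

# The new rules work (you can still log in): cancel the pending rollback
# and persist the live ruleset under a chosen name.
commit_ruleset() {
    job=$1; name=$2
    "$ATRM" "$job" || return 1
    backup_ruleset "$name"
}

# Session: "./fw-edit.sh run", edit with iptables ..., then
# "./fw-edit.sh commit <job> <name>" before the rollback fires.
main() {
    before=$(backup_ruleset) || exit 1
    job=$(schedule_rollback "$before" 5) || exit 1
    echo "rollback to $before queued as at job $job; cancel with: $0 commit $job <name>"
}
case ${1:-} in
    run) main ;;
    commit) commit_ruleset "$2" "$3" ;;
esac
```

The rollback window (5 minutes by default) should be long enough to apply and test the change but short enough that a lockout is only a brief outage; if the session drops, the queued at job restores the pre-edit ruleset on its own, and the named copies written by commit_ruleset give the "several versions and backups" the post asks about.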


