Re: [iptables] init script

To: debian-firewall@lists.debian.org
Subject: Re: [iptables] init script
From: Rainer Ellinger <rainer@ellinger.de>
Date: Tue, 28 May 2002 10:53:01 +0200
Message-id: <[🔎] 200205281035.07916@ellinger.de>
In-reply-to: <[🔎] 87off1kx89.fsf@frodo.epkowa.co.jp>
References: <[🔎] 005701c20596$7f8ee660$0507e0c2@ene.es> <[🔎] 200205271853.01146@ellinger.de> <[🔎] 87off1kx89.fsf@frodo.epkowa.co.jp>

Olaf Meeuwissen wrote:
> Better yet, forget the whole /etc/default/iptables stuff and set your
> firewalling up through appropriate scripts in the
> /etc/network/if-*.d/ directories.  For an idea on how you could go

Is there any better reason than "forget about it" for your approach?

How do you update single rules in running configs?
With /etc/init.d/iptables, you make your changes with "iptables ..." 
and save the whole ruleset with "/etc/init.d/iptables save active". If 
your're afraid of loosing remote connection while experimenting with 
rulesets, you may save your working config to a new name and schedule 
(with cron/at) a "/etc/init.d/iptables load SavedBackupNameblabla"  
before your start changing anything. 

It's also easy to have several different iptables setups or versions 
and backups. How do you achieve this with your solution?

I can't see any benefits.

-- 
rainer@ellinger.de

--
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: [iptables] init script
  - From: Olaf Meeuwissen <olaf@epkowa.co.jp>

References:
- [iptables] init script
  - From: "Davi Leal" <david.leal@ene.es>
- Re: [iptables] init script
  - From: Rainer Ellinger <rainer@ellinger.de>
- Re: [iptables] init script
  - From: Olaf Meeuwissen <olaf@epkowa.co.jp>

Prev by Date: Re: [iptables] init script
Next by Date: Re: NIS on gateway
Previous by thread: Re: [iptables] init script
Next by thread: Re: [iptables] init script
Index(es):
- Date
- Thread