Re: [iptables] init script
Olaf Meeuwissen wrote:
> Better yet, forget the whole /etc/default/iptables stuff and set your
> firewalling up through appropriate scripts in the
> /etc/network/if-*.d/ directories. For an idea on how you could go
Is there any better reason than "forget about it" for your approach?
How do you update single rules in running configs?
With /etc/init.d/iptables, you make your changes with "iptables ..."
and save the whole ruleset with "/etc/init.d/iptables save active". If
you're afraid of losing the remote connection while experimenting with
rulesets, you may save your working config to a new name and schedule
(with cron/at) a "/etc/init.d/iptables load SavedBackupNameblabla"
before you start changing anything.
It's also easy to have several different iptables setups or versions
and backups. How do you achieve this with your solution?
I can't see any benefits.
--
rainer@ellinger.de
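
The save-then-schedule-a-reload workflow described in the message above, as an added shell sketch that is not part of the original post or of the Debian init script. It assumes the init script accepts "save NAME" and "load NAME" as the message implies and that at(1) and atrm(1) are installed; the function names and the DRY_RUN switch are hypothetical.

```shell
#!/bin/sh
# Added example: guarded firewall change with a scheduled rollback.
# Function names are hypothetical; DRY_RUN=1 (default) only prints commands.
INIT=${INIT:-/etc/init.d/iptables}   # init script named in the message
DRY_RUN=${DRY_RUN:-1}

# run CMD...: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# valid_name NAME: allow only plain ruleset names, because the name is
# embedded in the command line that at(1) will later run as root.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# begin_change NAME MINUTES: save the running ruleset as NAME, then
# schedule "load NAME" so a lock-out heals itself after MINUTES minutes.
begin_change() {
    name=$1 minutes=$2
    valid_name "$name" || { echo "bad ruleset name: $name" >&2; return 2; }
    case "$minutes" in
        ''|*[!0-9]*) echo "bad delay: $minutes" >&2; return 2 ;;
    esac
    run "$INIT" save "$name" || return 1
    if [ "$DRY_RUN" = 1 ]; then
        echo "echo '$INIT load $name' | at now + $minutes minutes"
    else
        echo "$INIT load $name" | at now + "$minutes" minutes
    fi
}

# commit_change JOB: the new rules work, so cancel rollback job JOB
# (number printed by at, also shown by atq) and save them as "active".
commit_change() {
    case "$1" in ''|*[!0-9]*) echo "bad job id: $1" >&2; return 2 ;; esac
    run atrm "$1" && run "$INIT" save active
}

# Usage: DRY_RUN=0 sh guarded-change.sh begin NAME MINUTES | commit JOB
case "${1:-}" in
    begin)  begin_change "${2:-}" "${3:-}" ;;
    commit) commit_change "${2:-}" ;;
esac
```

Run it once with the default dry run to review the exact commands before setting DRY_RUN=0 as root.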