Re: /etc/init.d/iptables

To: debian-firewall@lists.debian.org
Subject: Re: /etc/init.d/iptables
From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
Date: Tue, 11 Aug 2009 16:02:22 +0200
Message-id: <4A8179EE.306@plouf.fr.eu.org>
In-reply-to: <87bpmm6hs9.fsf@violet.siamics.int>
References: <87ocqn6a95.fsf@violet.siamics.int> <87fxbz56b7.fsf@violet.siamics.int> <d1b732a70908102133x2ee99743j3a9dece7a200ad18@mail.gmail.com> <87bpmm6hs9.fsf@violet.siamics.int>

Ivan Shmakov a écrit :
> Jonathan Yu <jonathan.i.yu@gmail.com> writes:
>> 
>> I apparently used /etc/network/if-pre-up.d (I can't remember the
>> reasoning why, but I guess it's useful to make sure you load the
>> rules prior to bringing the interfaces up, which means the rules will
>> be there once network connectivity is brought up)
> 
> 	Yes.  However, doesn't if-pre-up.d/ get activated every time an
> 	interface is brought up?

Indeed.
My opinion is that only interface-specific action such as creating
interface-specific firewall rules should be performed in
/etc/network/if-*.d/ scripts, as well as in /etc/ppp/ip*.d/ scripts. Non
interface-specific commands should be performed by an init script before
the network script runs.

Reply to:

Follow-Ups:
- Re: /etc/init.d/iptables
  - From: Ivan Shmakov <oneingray@gmail.com>

References:
- /etc/init.d/iptables
  - From: Ivan Shmakov <oneingray@gmail.com>
- Re: /etc/init.d/iptables
  - From: Ivan Shmakov <oneingray@gmail.com>
- Re: /etc/init.d/iptables
  - From: Jonathan Yu <jonathan.i.yu@gmail.com>
- Re: /etc/init.d/iptables
  - From: Ivan Shmakov <oneingray@gmail.com>

Prev by Date: Re: /etc/init.d/iptables
Next by Date: Re: /etc/init.d/iptables
Previous by thread: Re: /etc/init.d/iptables
Next by thread: Re: /etc/init.d/iptables
Index(es):
- Date
- Thread