
Re: /etc/init.d/iptables



Ivan Shmakov wrote:
> Pascal Hambourg <pascal.mail@plouf.fr.eu.org> writes:
> 
>> Indeed.  My opinion is that only interface-specific action such as
>> creating interface-specific firewall rules should be performed in
>> /etc/network/if-*.d/ scripts,
> 
> 	Huh?  Why one might need to put interface-specific scripts into
> 	non-interface-specific if-*.d/ directories?

These scripts get interface parameters such as name, address, custom
options... defined in /etc/network/interface and thus can perform
interface-specific tasks while being versatile.

>> as well as in /etc/ppp/ip*.d/ scripts.
> 
> 	... Also, is there any good reason to change the firewall
> 	configuration as the interfaces are brought up and down at all?

Yes, when iptables rules need some parameters such as interface name,
address... which are variable. This is rather common for PPP interfaces.
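
An added example, not part of the original message: one hook script, installed in both /etc/network/if-up.d/ and if-down.d/, that builds interface-specific iptables rules from the environment ifupdown exports (IFACE, MODE, ADDRFAM, IF_ADDRESS). The `fw-allow-tcp` stanza option (seen as IF_FW_ALLOW_TCP) and the FW_APPLY switch are hypothetical names chosen for illustration, and the addresses are constructed sample values.

```sh
#!/bin/sh
# Added example hook for /etc/network/if-up.d/ and if-down.d/ (same file in both).
# ifupdown exports IFACE, MODE (start|stop), ADDRFAM and IF_<OPTION> for every
# option in the interface stanza. "fw-allow-tcp" is a hypothetical custom option:
#   iface eth1 inet static
#       address 192.0.2.10/24
#       fw-allow-tcp 22 443

fw_rules() {
    # Only act on IPv4 stanzas of real interfaces.
    [ "${ADDRFAM:-}" = "inet" ] || return 0
    case "${IFACE:-}" in
        ""|lo|--all) return 0 ;;
        *[!A-Za-z0-9_.:-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    # Add the rules on ifup, delete the same rules on ifdown.
    case "${MODE:-}" in
        start) op=-A ;;
        stop)  op=-D ;;
        *)     return 0 ;;
    esac
    # IF_ADDRESS may carry a /prefix and is unset for dhcp or ppp methods.
    addr=${IF_ADDRESS:-}
    addr=${addr%%/*}
    case "$addr" in
        *[!0-9.]*) echo "bad address: $addr" >&2; return 1 ;;
    esac
    for port in ${IF_FW_ALLOW_TCP:-}; do
        case "$port" in
            *[!0-9]*) echo "skipping bad port: $port" >&2; continue ;;
        esac
        echo "iptables $op INPUT -i $IFACE ${addr:+-d $addr }-p tcp --dport $port -j ACCEPT"
    done
}

# Print the commands by default; run them only when FW_APPLY=1 (hypothetical switch).
if [ "${FW_APPLY:-0}" = 1 ]; then
    fw_rules | sh
else
    fw_rules
fi
```

Every value taken from the environment is checked against a strict character set before it reaches a command line, since the rules are generated as text and then executed.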

