
Re: /etc/init.d/iptables



>>>>> Pascal Hambourg <pascal.mail@plouf.fr.eu.org> writes:
>>>>> Ivan Shmakov wrote:

 >> Strangely, I cannot find where these directories are documented.
 >> Could you provide a pointer, please?

 > The 'interfaces' manpage contains some information about
 > /etc/network/if-*.d directories and exported variables.

	Indeed.  Thanks!

[...]

 >>> This is rather common for PPP interfaces.

 >> Well, yes, though I'd consider using the `unit' pppd(8) option to
 >> fix the interface name once and for all.

 > "unit" is not always enough.  An example is a PPP server which
 > accepts multiple clients simultaneously and gives each one a
 > different address.  A script in /etc/ppp/ip-up.d/ can use the
 > interface name and the remote address to block IP spoofing by clients:

 > iptables -A FORWARD -i $PPP_IFACE -s ! $PPP_REMOTE -j DROP

	... And the authorized IP would probably be determined just
	after the PPP authentication, by which time the `unit' setting
	would be a long time fixed.  Yes, this is the case.

[...]

-- 
FSF associate member #7257
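
Added example (not part of the original message, and not written by either poster): a hook built around the rule quoted above that validates PPP_IFACE and PPP_REMOTE before use and deletes the rule again on disconnect. The install paths, the function names and the IPTABLES override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed install path:
# /etc/ppp/ip-up.d/antispoof, symlinked as /etc/ppp/ip-down.d/antispoof.
# pppd can reuse an interface name for the next client, so a rule left
# behind after disconnect would drop that client's legitimate traffic.

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# Print the iptables arguments for one rule, or fail on bad input.
# $1 = -A (ip-up) or -D (ip-down), $2 = interface, $3 = peer address.
antispoof_rule() {
    case "$1" in -A|-D) ;; *) return 1 ;; esac
    case "$2" in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    is_ipv4 "$3" || return 1
    # "! -s addr" is the current spelling of the "-s ! addr" form.
    printf '%s FORWARD -i %s ! -s %s -j DROP\n' "$1" "$2" "$3"
}

# Apply the rule using the variables named in the message above.
antispoof() {
    rule=$(antispoof_rule "$1" "${PPP_IFACE:-}" "${PPP_REMOTE:-}") || {
        echo "antispoof: bad PPP_IFACE/PPP_REMOTE, no rule changed" >&2
        return 1
    }
    # Unquoted on purpose: every field was validated above.
    # IPTABLES is a hypothetical override for the binary, used for dry runs.
    ${IPTABLES:-iptables} $rule
}

# Pick the action from the directory the script was started from.
case "$0" in
    */ip-up.d/*)   antispoof -A ;;
    */ip-down.d/*) antispoof -D ;;
esac
```
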