Re: /etc/init.d/iptables
>>>>> Pascal Hambourg <pascal.mail@plouf.fr.eu.org> writes:
>>>>> Ivan Shmakov wrote:
>> Strangely, I cannot find where these directories are documented.
>> Could you provide a pointer, please?
> The 'interfaces' manpage contains some information about
> /etc/network/if-*.d directories and exported variables.
Indeed. Thanks!
[...]
>>> This is rather common for PPP interfaces.
>> Well, yes, though I'd consider using the `unit' pppd(8) option to
>> fix the interface name once and for all.
> "unit" is not always enough. An example is a PPP server which
> accepts multiple clients simultaneously and gives each one a
> different address. A script in /etc/ppp/ip-up.d/ can use the
> interface name and the remote address to block IP spoofing by clients:
> iptables -A FORWARD -i $PPP_IFACE -s ! $PPP_REMOTE -j DROP
... And the authorized IP would probably be determined just
after the PPP authentication, by which time the `unit' setting
would be a long time fixed. Yes, this is the case.
[...]
--
FSF associate member #7257
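
The ip-up.d approach discussed above, written out as an added example that is not part of the original thread: a hook that validates PPP_IFACE and PPP_REMOTE before they reach the iptables command line, adds the per-client anti-spoofing rule once, and removes it again on link down. The file name "antispoof", the IPTABLES override, the function names and the ip-down.d symlink are assumptions of this example; it uses the `! -s` negation form that current iptables prefers over the `-s !` form quoted in the thread.

```sh
#!/bin/sh
# Added example, not from the thread. Install as /etc/ppp/ip-up.d/antispoof and
# symlink into /etc/ppp/ip-down.d/. PPP_IFACE and PPP_REMOTE are the variables
# used in the thread; IPTABLES and the function names are assumptions.
IPTABLES=${IPTABLES:-iptables}

# Interface names end up on a command line: allow a conservative charset only.
valid_iface() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# Dotted-quad IPv4 check: four fields, each 0-255, nothing else.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Rule spec: drop forwarded packets from this client with any other source.
antispoof_rule() {
    valid_iface "$1" && valid_ipv4 "$2" || return 1
    printf '%s\n' "FORWARD -i $1 ! -s $2 -j DROP"
}

# $1 is "up" or "down". -C (--check) avoids stacking duplicate rules.
antispoof_apply() {
    rule=$(antispoof_rule "$PPP_IFACE" "$PPP_REMOTE") || {
        echo "antispoof: bad PPP_IFACE/PPP_REMOTE, ruleset unchanged" >&2
        return 1
    }
    case $1 in
        up)   $IPTABLES -C $rule 2>/dev/null || $IPTABLES -A $rule ;;
        down) $IPTABLES -D $rule ;;
        *)    return 2 ;;
    esac
}

# run-parts calls the hook by its path, so the directory selects the action.
case $0 in
    */ip-up.d/*)   antispoof_apply up ;;
    */ip-down.d/*) antispoof_apply down ;;
esac
```

Like the rule in the thread, this appends to FORWARD, so it only takes effect if no earlier rule in that chain already accepts the client's traffic.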