Re: Where to put iptables script
On Tue, 3 Jul 2001, Warren Turkal wrote:
> Where should I put the iptables script that runs when starting my
> computer?
It is very much your choice. I can tell you what I chose: I put the script
itself in /etc/init.d and made a soft link to it in /etc/rcS.d, making
sure that, in the boot process, it will be run before any network
interface is brought up.
Another respectable choice may be to put the script under the /etc/network
hierarchy and have it called before the relevant interfaces are brought
up.
If you have a complex setup, you might want to split your iptables script
in sections, one that runs right at boot, from /etc/rcS.d, before any
networking is initialised, some interface-specific sections that are run
before/after the relevant interface is brought up or down, etc. The latter
might be the case, as an example, if your computer is a gateway that has
to do masquerading for dynamic subnets on dynamic interfaces.
My laptop is not a gateway, so that its iptables script is very simple,
just to protect it from unwanted connections, and the simplest solution
works very well for me.
Hope this helps you make your own choice...
Bye
Giacomo
--
_________________________________________________________________
Giacomo Mulas <gmulas@ca.astro.it, giacomo.mulas@tin.it>
_________________________________________________________________
OSSERVATORIO ASTRONOMICO
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)
Tel.: +39 070 71180 216 Fax : +39 070 71180 222
_________________________________________________________________
"When the storms are raging around you, stay right where you are"
(Freddy Mercury)
_________________________________________________________________
Reply to: