* Antony Gelberg (ag@antgel.co.uk) [030415 16:48]: > I just finished my install, which is good. After a lot of faffing around > (being used to RH), I did an update-rc.d iptables defaults. (This is after > setting up my rules, saving them, etc...) This is entirely unnecessary. In general, you don't need to use update-rc.d. If a package doesn't set itself up, it's broken. As others have pointed out, the idea is that when you install something, yo expect it to run. > > Sure enough, the symlink was in /etc/rc2.d. However on a reboot, the > service didn't start, and no amount of grepping through /var/log/messages > seemed to help. > > Where can I look to debug this? It must be something silly... Well, yeah ;-) Remember when you installed iptables it asked you a question: "Do you want to enable the iptables init script? I don't recommend it." (or something to that effect. Basically, the maintainer doesn't believe in the init script, and it's only there because others have asked for it. He believes iptables rules should be set up via thenetwork interface up scripts, or something else. So it asks you while setting up the package if you want to use the init script. The default is probably "no". (I'm working all from memory here, so forgive me if I'm a little imprecise and/or inaccurate.) To enable it, you can use dpkg-reconfigure iptables to be asked the question again. Depending on your iptables package version, you can alternatively edit /etc/init.d/iptables and look for a line that says something like "enable_iptables_initd", but it's been deprecated, and dpkg-reconfigure is the way to go. In general, dpkg-reconfigure is the tool to use when a package asks you something when setting up and you change your mind later. good times, Vineet -- http://www.doorstop.net/ -- "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." --Benjamin Franklin
Attachment:
pgpNQgH_PzaBG.pgp
Description: PGP signature