
Re: automatic Firewall start/stop



On Fri, 2002-08-02 at 16:50, Peter Hicks wrote:
> 
> /etc/init.d/iptables save active
> 
> will save the current ruleset, to be loaded on startup
> 
> if you want to use the init.d script to unload your firewall, flush
> all your rules, then
> 
> /etc/init.d/iptables save inactive

Hi, Peter. I would have suggested that except for the fact that the
iptables maintainer seems very opposed to that script. From
/etc/default/iptables:

# Q: You concocted this init.d setup, but you do not like it?
# A: I was pretty much hounded into providing it. I do not like it.
#    Don't use it. Use /etc/network/interfaces, use /etc/network/*.d/
#    scripts use /etc/ppp/ip-*.d/ script. Create your own custom
#    init.d script -- no need to even name it iptables.  Use ferm,
#    ipmasq, ipmenu, guarddog, firestarter, or one of the many other
#    firewall configuration tools available. Do not use the init.d
#    script.
#
# Q: What is this iptables init.d setup all about?
# A: The iptables init.d setup saves and restores whole iptables's
#    table rulesets. That's basically it. It doesn't create any
#    iptables rules nor provide for running any iptables rules.
#    That also implies no support at all for dynamic rules.

Anybody know why he dislikes this setup so strongly?

-Mark
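
The FAQ quoted above recommends writing your own init.d script rather than using the packaged one. One way such a script can look, as an added example that is not from this thread or from the Debian package; the `RULES` path and the `fw_*` function names are assumptions:

```shell
#!/bin/sh
# Added example, not the Debian iptables init.d script.
# Assumptions: the RULES path and the fw_* function names are made up here.
RULES=${RULES:-/etc/firewall/rules.v4}
IPT=${IPT:-iptables}
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}

fw_save() {
    # Dump to a temp file first so a failed save never truncates the
    # last known-good ruleset; 077 keeps the dump root-only.
    umask 077
    tmp="$RULES.tmp.$$"
    if "$IPT_SAVE" > "$tmp"; then
        mv "$tmp" "$RULES"
    else
        rm -f "$tmp"
        return 1
    fi
}

fw_start() {
    [ -r "$RULES" ] || { echo "no saved ruleset at $RULES" >&2; return 1; }
    # --test parses the file without committing it, so a broken file is
    # rejected before the running ruleset is touched.
    "$IPT_RESTORE" --test < "$RULES" || return 1
    "$IPT_RESTORE" < "$RULES"
}

fw_stop() {
    # The "inactive" state from the thread: accept everything, no rules.
    # Only the filter table is reset; nat and mangle are left alone.
    for chain in INPUT FORWARD OUTPUT; do
        "$IPT" -P "$chain" ACCEPT || return 1
    done
    "$IPT" -F && "$IPT" -X
}

fw_main() {
    case "$1" in
        start|restart) fw_start ;;
        stop)          fw_stop ;;
        save)          fw_save ;;
        *) echo "usage: $0 {start|stop|restart|save}" >&2; return 2 ;;
    esac
}

# Dispatch only when called with an argument, as init does.
if [ $# -gt 0 ]; then fw_main "$@"; fi
```

Like the packaged script, this only reloads a static saved ruleset, so rules added dynamically after the last save are lost on restart.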
