
Re: automatic Firewall start/stop



On Fri, Aug 02, 2002 at 04:49:40PM -0500, Mark Roach wrote:
>On Fri, 2002-08-02 at 16:50, Peter Hicks wrote:
>> 
>> /etc/init.d/iptables save active
>> 
>> will save the current ruleset, to be loaded on startup
>> 
>> if you want to use the init.d script to unload your firewall, flush
>> all your rules, then
>> 
>> /etc/init.d/iptables save inactive
>
>Hi, Peter. I would have suggested that except for the fact that the
>iptables maintainer seems very opposed to that script. From
>/etc/default/iptables:
>
># Q: You concocted this init.d setup, but you do not like it?
># A: I was pretty much hounded into providing it. I do not like it.
>#    Don't use it. Use /etc/network/interfaces, use /etc/network/*.d/
>#    scripts use /etc/ppp/ip-*.d/ script. Create your own custom
>#    init.d script -- no need to even name it iptables.  Use ferm,
>#    ipmasq, ipmenu, guarddog, firestarter, or one of the many other
>#    firewall configuration tools available. Do not use the init.d
>#    script.
>#
># Q: What is this iptables init.d setup all about?
># A: The iptables init.d setup saves and restores whole iptables's
>#    table rulesets. That's basically it. It doesn't create any
>#    iptables rules nor provide for running any iptables rules.
>#    That also implies no support at all for dynamic rules.
>
>Anybody know why he dislikes this setup so strongly?
>
>-Mark

Thanks for pointing that out. I was wondering why nobody had suggested
this before I had.

-- 
Peter Hicks
GnuPG public key: http://jah.net/~petong/public_key.txt
Key Fingerprint: 4E24 3C78 A165 537C 729C  8D25 3547 3CE9 9E7D 42B6
If ignorance is bliss, you must be orgasmic.


