Re: automatic Firewall start/stop

On Fri, Aug 02, 2002 at 04:49:40PM -0500, Mark Roach wrote:
>On Fri, 2002-08-02 at 16:50, Peter Hicks wrote:
>>
>> /etc/init.d/iptables save active
>>
>> will save the current ruleset, to be loaded on startup
>>
>> if you want to use the init.d script to unload your firewall, flush
>> all your rules, then
>>
>> /etc/init.d/iptables save inactive
>
>Hi, Peter. I would have suggested that except for the fact that the
>iptables maintainer seems very opposed to that script. From
>/etc/default/iptables:
>
># Q: You concocted this init.d setup, but you do not like it?
># A: I was pretty much hounded into providing it. I do not like it.
># Don't use it. Use /etc/network/interfaces, use /etc/network/*.d/
># scripts use /etc/ppp/ip-*.d/ script. Create your own custom
># init.d script -- no need to even name it iptables. Use ferm,
># ipmasq, ipmenu, guarddog, firestarter, or one of the many other
># firewall configuration tools available. Do not use the init.d
># script.
>#
># Q: What is this iptables init.d setup all about?
># A: The iptables init.d setup saves and restores whole iptables's
># table rulesets. That's basically it. It doesn't create any
># iptables rules nor provide for running any iptables rules.
># That also implies no support at all for dynamic rules.
>
>Anybody know why he dislikes this setup so strongly?
>
>-Mark

Thanks for pointing that out. I was wondering why nobody had suggested
this before I had.
--
Peter Hicks
GnuPG public key: http://jah.net/~petong/public_key.txt
Key Fingerprint: 4E24 3C78 A165 537C 729C 8D25 3547 3CE9 9E7D 42B6
If ignorance is bliss, you must be orgasmic.
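
The /etc/default/iptables comment quoted above says the init.d setup only saves and restores whole table rulesets, and points to /etc/network/*.d/ scripts instead. As an added example (not part of this thread or of the Debian package), here is a pre-up hook that loads a saved ruleset only when every table section is closed by COMMIT. The path /etc/iptables.rules, the RULESET variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: a hook for /etc/network/if-pre-up.d/.
# Assumption: RULESET holds iptables-save output written without -c counters
# ("*table", ":CHAIN policy", "-A ..." rules, then "COMMIT" for each table).
RULESET="${RULESET:-/etc/iptables.rules}"

# Return 0 only if the file has at least one table and every "*table"
# section is closed by COMMIT. A file truncated mid-save fails this check.
ruleset_complete() {
    awk '
        /^[ \t]*(#|$)/ { next }                          # comments, blanks
        /^[*]/    { if (intab) bad = 1; intab = 1; tables++; next }
        /^COMMIT/ { if (!intab) bad = 1; intab = 0; next }
        /^[-:]/   { if (!intab) bad = 1; next }          # policies and rules
                  { bad = 1 }                            # unexpected line
        END       { exit (bad || intab || tables == 0) ? 1 : 0 }
    ' "$1"
}

# Load the ruleset only if it is complete; otherwise keep the running rules
# and report failure to the caller.
load_ruleset() {
    if ruleset_complete "$1"; then
        iptables-restore < "$1"
    else
        echo "refusing to load incomplete ruleset: $1" >&2
        return 1
    fi
}

# ifupdown exports IFACE to hook scripts; do nothing for loopback or when
# the script is run outside ifupdown.
if [ -n "${IFACE:-}" ] && [ "$IFACE" != "lo" ]; then
    load_ruleset "$RULESET"
fi
```

The file it reads can be produced with `iptables-save > /etc/iptables.rules` once the running rules are the ones wanted at boot.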