
Re: automatic Firewall start/stop



On Friday 02 August 2002 23:49, Mark Roach wrote:
> # Q: You concocted this init.d setup, but you do not like it?
> # A: I was pretty much hounded into providing it. I do not like it.
> #    Don't use it. Use /etc/network/interfaces, use /etc/network/*.d/
> #    scripts use /etc/ppp/ip-*.d/ script. Create your own custom
> #    init.d script -- no need to even name it iptables.  Use ferm,
> #    ipmasq, ipmenu, guarddog, firestarter, or one of the many other
> #    firewall configuration tools available. Do not use the init.d
> #    script.
> #
> # Q: What is this iptables init.d setup all about?
> # A: The iptables init.d setup saves and restores whole iptables's
> #    table rulesets. That's basically it. It doesn't create any
> #    iptables rules nor provide for running any iptables rules.
> #    That also implies no support at all for dynamic rules.
>
> Anybody know why he dislikes this setup so strongly?

Because it only works as long as you don't change device names, IP 
addresses or whatever. Also, as it says, you cannot create "dynamic" 
rules. IMHO, the script is pretty good as long as you can live with its 
shortcomings. Just don't forget to save any changes you make.

-- 
Embedded Linux -- True multitasking!
TWO TOASTS AT THE SAME TIME!
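
The shortcoming named in the reply above (a saved ruleset stops matching once device names or IP addresses change) can be checked for before a restore. This is an added example, not part of the original post or of the Debian iptables package; the abridged ruleset, interface names and addresses are constructed, `stale_rules` and its helpers are hypothetical names, and only IPv4 is handled.

```python
import ipaddress
import shlex
# Constructed, abridged sample in iptables-save format (not taken from the thread).
SAVED = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j SNAT --to-source 203.0.113.7
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.1.0/24 -i eth0 -j ACCEPT
-A INPUT -d 203.0.113.7/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
COMMIT
"""
IFACE_OPTS = {"-i", "--in-interface", "-o", "--out-interface"}
DEST_OPTS = {"-d", "--destination"}

def iface_present(pattern, live_ifaces):
    # iptables treats a trailing "+" as a prefix wildcard (eth+ matches eth0, eth1).
    if pattern.endswith("+"):
        return any(name.startswith(pattern[:-1]) for name in live_ifaces)
    return pattern in live_ifaces

def pinned_host(value):
    # --to-source may be "a-b" or "a:port"; keep the first address. Networks are not hosts.
    net = ipaddress.ip_network(value.split(":")[0].split("-")[0], strict=False)
    return net.network_address if net.prefixlen == net.max_prefixlen else None

def stale_rules(ruleset, live_ifaces, live_addrs):
    """Return (line_no, reason) for saved rules that no longer match this host."""
    live = {ipaddress.ip_address(a) for a in live_addrs}
    findings = []
    for no, line in enumerate(ruleset.splitlines(), 1):
        if not line.startswith("-A "):
            continue  # table names, chain policies, comments, COMMIT
        tok = shlex.split(line)
        for opt, val in zip(tok, tok[1:]):
            if opt in IFACE_OPTS and not iface_present(val, live_ifaces):
                findings.append((no, f"interface {val} not present"))
            elif opt == "--to-source" or (opt in DEST_OPTS and tok[1] == "INPUT"):
                host = pinned_host(val)
                if host is not None and host not in live:
                    findings.append((no, f"address {host} is not local"))
    return findings

if __name__ == "__main__":  # eth0 has been renamed to eth1 and the PPP address has changed
    print(*stale_rules(SAVED, {"lo", "eth1", "ppp0"}, {"127.0.0.1", "198.51.100.20"}), sep="\n")
```

On a real host the two live sets would come from the current interface and address configuration, and the ruleset from the file the init.d script saved.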


